Commons Compress has a Security Reports page: http://commons.apache.org/proper/commons-compress/security.html
which contains details of known security issues. The page links to the general commons security page http://commons.apache.org/security.html for details of how to report security issues. I think it is a good idea to have both pages, but I wonder whether it might be less confusing if the pages had slightly different names? Especially since CP 37 site.xml has a bug which means that the Security link under General Information is resolved as being relative to the component. [This is a "feature" of Maven site when used with parent POMs]. If a component wants to provide a security report page, I suggest it should be called "security-report.html" or similar. Compress seems to be the only one with such a page so far, so it would not involve much work. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org