afs commented on code in PR #128: URL: https://github.com/apache/jena-site/pull/128#discussion_r1026914338
########## source/about_jena/security-advisories.md: ########## @@ -0,0 +1,103 @@ +--- +title: Jena Security Advisories +--- + +# Security Issue Policy + +## Process Review Comment: The title becomes an H1 on the page. So that's two H1 then an H2. ---  --- For appearance, drop the "# " ; adds some text to separate the H1 from the H2 Process. ########## source/about_jena/contributions.md: ########## @@ -11,7 +11,7 @@ This list is provided for information purposes only, and is not meant as an endorsement of the mentioned projects by the Jena team. If you wish your contribution to appear on this page, please raise a -Jira issue with the details to be published. +Jira or GitHub issue with the details to be published. Review Comment: Slightly better to github first as it's the main channel now. ########## source/about_jena/security-advisories.md: ########## @@ -0,0 +1,103 @@ +--- +title: Jena Security Advisories +--- + +# Security Issue Policy + +## Process + +Jena follows the standard [ASF Security for Committers](https://www.apache.org/security/committers.html) policy for +reporting and addressing security issues. + +If you think you have identified a Security issue in our project please refer to that policy for how to report it, and +the process that the Jena Project Management Committee (PMC) will follow in addressing the issue. + +## Single Supported Version + +As a project with a relatively small developer community Apache Jena only has the resources to maintain a single release Review Comment: ```suggestion As a project, Apache Jena only has the resources to maintain a single release ``` No need to apologise! ########## source/about_jena/security-advisories.md: ########## 
@@ -0,0 +1,103 @@ +--- +title: Jena Security Advisories +--- + +# Security Issue Policy + +## Process + +Jena follows the standard [ASF Security for Committers](https://www.apache.org/security/committers.html) policy for +reporting and addressing security issues. + +If you think you have identified a Security issue in our project please refer to that policy for how to report it, and +the process that the Jena Project Management Committee (PMC) will follow in addressing the issue. + +## Single Supported Version + +As a project with a relatively small developer community Apache Jena only has the resources to maintain a single release +version. Therefore any accepted security issue reported will be fixed by developing a fix for our `main` branch. We +will then make a release with the fix in a timeframe appropriate to the severity of the issue. Review Comment: ```suggestion version. Any accepted security issue will be fixed in a future release in a timeframe appropriate to the severity of the issue. ``` We're supposed to not highlight security code fixes until the CVE is public (e.g. no git commit reference). Being git, we can't have private branches built no need to highlight the development.
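Review bot: In the Process section of source/about_jena/security-advisories.md, the sentence "please refer to that policy for how to report it" sends a person who has found a problem to a document whose link text is "ASF Security for Committers", which by its title addresses committers rather than reporters. Suggest stating the private reporting route directly in this section, or linking a reporter-facing page next to the committers policy, so that a reporter does not fall back to opening a public issue. Minor style point in the same paragraph: "Security issue" is capitalised here while "security issues" is lower case in the sentence before it; use one form.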