The security list should be ok and the PPMC will be included through private channel if issues are found.
On 2021/03/04 01:03:20, "Srivastava, Rohit Kumar" <[email protected]> wrote: > Hi, > Bumping up the thread. If anyone thinks that there is a need to add > information to our Security FAQ page: > https://mxnet.apache.org/versions/master/api/faq/security.html > Please let us know. > > I would also like to bring up that current security vulnerabilities are to be > reported to [email protected]<mailto:[email protected]> as per Apache > guidelines. Is there a requirement to have a separate mailing list for that ? > > -Rohit > > From: "Srivastava, Rohit Kumar" <[email protected]> > Date: Friday, February 26, 2021 at 11:47 AM > To: "[email protected]" <[email protected]> > Subject: Feedback on security vulnerability reporting guidelines > > Hi, > MXNet has the following page that highlights steps on how to report > security vulnerabilities for MXNet: > https://mxnet.apache.org/versions/master/api/faq/security.html > > It lists instructions on reporting undisclosed vulnerabilities, security > practices, links to apache security guidelines for users and committers and > also lists considerations for users deploying propriety models to productions > services. > > IMO this page provides sufficient information to anyone as to how to inform > apache or project team about vulnerabilities in MXNet. If the community could > also take a look and provide suggestions if anything is missing or needs > improvement would be helpful. > > -Rohit >
