alamb commented on PR #9730: URL: https://github.com/apache/arrow-rs/pull/9730#issuecomment-4254490166
> The doc and associated link sprinkling seem very reasonable and welcome, ❤️ > but I don't think I understand how this will "reduce the flow" of "a deluge of low quality bug reports masquerading as security problems" ? > > Or does it just make it easier to summarily close them because they don't follow the official guidelines? Yes, basically having this documented means that upstream filters (aka the apache security team) can point to these guidelines if they get reports that are bugs. At the moment in Arrow sometimes it is not clear which crash is a security issue and which is just a bug > I think we should define what exploitable means, as it is so important to this section. Yes that is an excellent idea and I will do so -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
