[jira] [Resolved] (SPARK-38649) Fix SECURITY.md

Sat, 16 Apr 2022 13:22:04 -0700 


     [ 
https://issues.apache.org/jira/browse/SPARK-38649?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Sean R. Owen resolved SPARK-38649.
----------------------------------
    Resolution: Not A Problem

> Fix SECURITY.md
> ---------------
>
>                 Key: SPARK-38649
>                 URL: https://issues.apache.org/jira/browse/SPARK-38649
>             Project: Spark
>          Issue Type: Bug
>          Components: Documentation
>    Affects Versions: 3.4.0
>            Reporter: Bjørn Jørgensen
>            Priority: Trivial
>
> At [Github Security -> Security 
> policy|https://github.com/apache/spark/security/policy] 
> The info there does not tell users what to do, if they have found a security 
> issue.
> The default text for this page is 
>  
> "
> # Security Policy
> ## Supported Versions
> Use this section to tell people about which versions of your project are
> currently being supported with security updates.
> | Version | Supported          |
> | ------- | ------------------ |
> | 5.1.x   | :white_check_mark: |
> | 5.0.x   | :x:                |
> | 4.0.x   | :white_check_mark: |
> | < 4.0   | :x:                |
> ## Reporting a Vulnerability
> Use this section to tell people how to report a vulnerability.
> Tell them where to go, how often they can expect to get an update on a
> reported vulnerability, what to expect if the vulnerability is accepted or
> declined, etc.
> "
> We should change this to something like:
> "
> Reporting security issues
> Apache Spark uses the standard process outlined by the Apache Security Team 
> for reporting vulnerabilities. Note that vulnerabilities should not be 
> publicly disclosed until the project has responded.
> To report a possible security vulnerability, please email 
> secur...@spark.apache.org. This is a non-public list that will reach the 
> Apache Security team, as well as the Spark PMC.
> For more info https://spark.apache.org/security.html 
> "
>   



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org

Reply via email to