Re: Configuring/sharing Airflow github repo security alerts

2018-12-18 Thread Tao Feng 
Thanks Feng for the suggestion. Just file
https://issues.apache.org/jira/browse/INFRA-17470.

On Tue, Dec 18, 2018 at 6:25 PM Feng Lu  wrote:

> Cool, thank you Ash. Kindly let us know when you have opened the INFRA jira
> ticket.
>
> On Tue, Dec 18, 2018 at 2:21 AM Ash Berlin-Taylor 
> wrote:
>
> > We're not admins of the repo - only the ASF Infra team are, so we'll
> > have to open an ticket against the INFRA queue in jira asking for this
> >
> > (I haven't done this. Not on large device right now)
> >
> > -a
> >
> > Feng Lu wrote on 18/12/2018 08:01:
> > > Hi all,
> > >
> > > Looks like GitHub now adds a new "Security Alert" feature
> > > <
> >
> https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/
> > >
> > > for tracking dependency CVEs, unfortunately I couldn't find it in
> Airflow
> > > repo.  So if it
> makes
> > > sense to the community, could Airflow repo admin (assume it means PMC
> > > members ;p) help to enable the alert feature and make it publicly
> > > available?
> > >
> > > Happy to take a stab myself if I have the access permission.
> > > Thanks.
> > >
> > > Feng
> > >
> >
> >
>

Re: Configuring/sharing Airflow github repo security alerts

2018-12-18 Thread Feng Lu 
Cool, thank you Ash. Kindly let us know when you have opened the INFRA jira
ticket.

On Tue, Dec 18, 2018 at 2:21 AM Ash Berlin-Taylor 
wrote:

> We're not admins of the repo - only the ASF Infra team are, so we'll
> have to open an ticket against the INFRA queue in jira asking for this
>
> (I haven't done this. Not on large device right now)
>
> -a
>
> Feng Lu wrote on 18/12/2018 08:01:
> > Hi all,
> >
> > Looks like GitHub now adds a new "Security Alert" feature
> > <
> https://help.github.com/articles/viewing-and-updating-vulnerable-dependencies-in-your-repository/
> >
> > for tracking dependency CVEs, unfortunately I couldn't find it in Airflow
> > repo.  So if it makes
> > sense to the community, could Airflow repo admin (assume it means PMC
> > members ;p) help to enable the alert feature and make it publicly
> > available?
> >
> > Happy to take a stab myself if I have the access permission.
> > Thanks.
> >
> > Feng
> >
>
>

Re: Configuring/sharing Airflow github repo security alerts

2018-12-18 Thread Ash Berlin-Taylor 
We're not admins of the repo - only the ASF Infra team are, so we'll 
have to open an ticket against the INFRA queue in jira asking for this


(I haven't done this. Not on large device right now)

-a

Feng Lu wrote on 18/12/2018 08:01:

Hi all,

Looks like GitHub now adds a new "Security Alert" feature

for tracking dependency CVEs, unfortunately I couldn't find it in Airflow
repo.  So if it makes
sense to the community, could Airflow repo admin (assume it means PMC
members ;p) help to enable the alert feature and make it publicly
available?

Happy to take a stab myself if I have the access permission.
Thanks.

Feng