[jira] [Updated] (NIFI-9619) Remove GPG key from Security Disclosure details
[ https://issues.apache.org/jira/browse/NIFI-9619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-9619: --- Fix Version/s: 1.16.0 Resolution: Fixed Status: Resolved (was: Patch Available) > Remove GPG key from Security Disclosure details > --- > > Key: NIFI-9619 > URL: https://issues.apache.org/jira/browse/NIFI-9619 > Project: Apache NiFi > Issue Type: Improvement > Components: Documentation Website >Reporter: David Handermann >Assignee: David Handermann >Priority: Trivial > Fix For: 1.16.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > The Security Vulnerability Disclosure instructions reference a GPG key > fingerprint for secur...@nifi.apache.org as an option for reporting sensitive > information. The public key associated with the fingerprint expired on > 2021-03-23. The difficulty of sharing a GPG private key with all members of > the PMC outweighs the potential benefit of supporting this method of > vulnerability reporting. For these reasons, the GPG key fingerprint should be > removed from the Security Vulnerability Disclosure instructions. -- This message was sent by Atlassian Jira (v8.20.1#820001)
[jira] [Updated] (NIFI-9619) Remove GPG key from Security Disclosure details
[ https://issues.apache.org/jira/browse/NIFI-9619?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] David Handermann updated NIFI-9619: --- Status: Patch Available (was: In Progress) > Remove GPG key from Security Disclosure details > --- > > Key: NIFI-9619 > URL: https://issues.apache.org/jira/browse/NIFI-9619 > Project: Apache NiFi > Issue Type: Improvement > Components: Documentation Website >Reporter: David Handermann >Assignee: David Handermann >Priority: Trivial > Time Spent: 10m > Remaining Estimate: 0h > > The Security Vulnerability Disclosure instructions reference a GPG key > fingerprint for secur...@nifi.apache.org as an option for reporting sensitive > information. The public key associated with the fingerprint expired on > 2021-03-23. The difficulty of sharing a GPG private key with all members of > the PMC outweighs the potential benefit of supporting this method of > vulnerability reporting. For these reasons, the GPG key fingerprint should be > removed from the Security Vulnerability Disclosure instructions. -- This message was sent by Atlassian Jira (v8.20.1#820001)
