
[docs] Clarify security vulnerability process and reporting

Open lhotari opened this issue 2 years ago • 2 comments

Motivation

  • the previous description wasn't clear and could cause confusion
  • the page https://pulsar.apache.org/docs/security-policy-and-supported-versions/ source is under the last published version and didn't get updated with the last changes made by #16962 (that was only visible in https://pulsar.apache.org/docs/next/security-policy-and-supported-versions/)

Modification

  • Clarify the security vulnerability process and reporting
  • Add information also to SECURITY.md so that the information is available also in cases when pulsar.apache.org isn't reachable or the reader doesn't click on links to read the relevant information. It's better to duplicate information about the vulnerability handling process in SECURITY.md.

lhotari avatar Aug 10 '22 08:08 lhotari

related to #14610 and #16962 (fix for #16919 which was caused by #14610 changes)

lhotari avatar Aug 10 '22 09:08 lhotari

@tisonkun @Anonymitaet @dave2wave @michaeljmarshall please review

lhotari avatar Aug 10 '22 09:08 lhotari

I'm bothered that we have versioned docs about security policies and supported versions. It makes no sense. I would suggest a further PR removes all of these and instead in the versioned menus refers to the common and most current version.

dave2wave avatar Aug 10 '22 18:08 dave2wave

> I'm bothered that we have versioned docs about security policies and supported versions. It makes no sense. I would suggest a further PR removes all of these and instead in the versioned menus refers to the common and most current version.

@dave2wave Yes, that's a problem. I created #17052 to track it.

lhotari avatar Aug 10 '22 19:08 lhotari