Move security team details into contributing docs #32496
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
jedcunningham
requested review from
ashb,
potiuk,
ephraimbuddy,
pankajkoti,
pierrejeambrun,
dstandish,
eladkal,
o-nikolas and
phanikumv
jedcunningham
commented
Jul 10, 2023
| Security Team | ||
| ------------- | ||
|
|
||
| Security issues in Airflow are handled by the Airflow Security Team. The team consists |
There was a problem hiding this comment.
This is mostly unchanged, but I did reword a few trivial things in here (e.g. dropped "The" from the first sentence).
o-nikolas
approved these changes
Jul 10, 2023
potiuk
approved these changes
Jul 10, 2023
vincbeck
approved these changes
Jul 10, 2023
eladkal
approved these changes
Jul 10, 2023
Adaverse
reviewed
Jul 10, 2023
| * Severity of the issue is determined based on the criteria described in the | ||
| [Severity Rating blog post](https://security.apache.org/blog/severityrating/) by the Apache Software | ||
| Foundation Security team | ||
| Security issues in Airflow are handled by the Airflow Security Team. Details about the Airflow Security Team and how members of it are chosen can be found in the [Contributing documentation](https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#security-team). |
There was a problem hiding this comment.
Suggested change
| Security issues in Airflow are handled by the Airflow Security Team. Details about the Airflow Security Team and how members of it are chosen can be found in the [Contributing documentation](https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#security-team). | |
| Security issues in Airflow are handled by the Airflow Security Team. Details about the Airflow Security Team and how members of it are chosen can be found in the [Contributing documentation](https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst). |
security-teams section does not exist do we mean URL of some other page?
There was a problem hiding this comment.
It will exist though, it's being added in this PR :)
potiuk
added a commit
to potiuk/airflow
that referenced
this pull request
Aug 24, 2023
The security policy should be the place where researchers are looking on how to assign severity to their reports. We had the link to the ASF blog post decribing how we assess the severity but it has been moved out in apache#32496 somewhat accidentally to the information about the security team. It can stay there (as a reference for the security team members/internal, but it would be great to keep it in our Policy targeted for the researchers.
potiuk
added a commit
that referenced
this pull request
Aug 24, 2023
* Add back link to the ASF blog about severity to the policy The security policy should be the place where researchers are looking on how to assign severity to their reports. We had the link to the ASF blog post decribing how we assess the severity but it has been moved out in #32496 somewhat accidentally to the information about the security team. It can stay there (as a reference for the security team members/internal, but it would be great to keep it in our Policy targeted for the researchers. Co-authored-by: Pankaj Koti <pankajkoti699@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I think it makes sense to move the details about the security team into the normal contributing docs roles area. This 1) keeps the roles in the community in 1 place and 2) keeps out security policy in GH smaller/simpler.