Mailing List Archive

Security policy on Github
I would like to suggest that we fill a very basic document that shows on Github as our security policy.
Below my proposal for a SECURITY.md :


===================================================================
# Security Policy

## Supported Versions

Currently the only supported version is the latest patch release of the
2.4.x stable branch.

## Security Updates

[Apache 2.4 Security Vulnerabilities](http://httpd.apache.org/security/vulnerabilities_24.html)

## Reporting a Vulnerability

For information on how to report a new security problem please see
[here](http://httpd.apache.org/security_report.html)
=========================================================================================

Any objections?

Regards

RĂ¼diger
Re: Security policy on Github [ In reply to ]
> Am 25.06.2021 um 09:15 schrieb Ruediger Pluem <rpluem@apache.org>:
>
> I would like to suggest that we fill a very basic document that shows on Github as our security policy.
> Below my proposal for a SECURITY.md :
>
>
> ===================================================================
> # Security Policy
>
> ## Supported Versions
>
> Currently the only supported version is the latest patch release of the
> 2.4.x stable branch.
>
> ## Security Updates
>
> [Apache 2.4 Security Vulnerabilities](http://httpd.apache.org/security/vulnerabilities_24.html)
>
> ## Reporting a Vulnerability
>
> For information on how to report a new security problem please see
> [here](http://httpd.apache.org/security_report.html)
> =========================================================================================
>
> Any objections?

None. Good idea. +1
Re: Security policy on Github [ In reply to ]
On 6/25/21 9:15 AM, Ruediger Pluem wrote:
> I would like to suggest that we fill a very basic document that shows on Github as our security policy.
> Below my proposal for a SECURITY.md :
>
>
> ===================================================================
> # Security Policy
>
> ## Supported Versions
>
> Currently the only supported version is the latest patch release of the
> 2.4.x stable branch.
>
> ## Security Updates
>
> [Apache 2.4 Security Vulnerabilities](http://httpd.apache.org/security/vulnerabilities_24.html)
>
> ## Reporting a Vulnerability
>
> For information on how to report a new security problem please see
> [here](http://httpd.apache.org/security_report.html)
> =========================================================================================
>
> Any objections?
>

Great idea, +1.

Giovanni