[NIFI-9619] Remove GPG key from Security Disclosure details - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.16.0
Component/s: Documentation & Website
Labels:
None

Description

The Security Vulnerability Disclosure instructions reference a GPG key fingerprint for security@nifi.apache.org as an option for reporting sensitive information. The public key associated with the fingerprint expired on 2021-03-23. The difficulty of sharing a GPG private key with all members of the PMC outweighs the potential benefit of supporting this method of vulnerability reporting. For these reasons, the GPG key fingerprint should be removed from the Security Vulnerability Disclosure instructions.

Attachments

Issue Links

links to

GitHub Pull Request #55

GitHub Pull Request #5702

Activity

People

Assignee:: David Handermann

Reporter:: David Handermann

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 21/Jan/22 21:52

Updated:: 21/Jan/22 22:20

Resolved:: 21/Jan/22 22:20

Time Tracking

Estimated:

Not Specified

Remaining:

Logged:

1h 10m