Details
-
New Feature
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
None
Description
According to the Apache Project Maturity Model:
QU30: The project provides a well-documented, secure and private channel to report security issues, along with a documented way of responding to them.
Apache projects can just point to http://www.apache.org/security/ or use their own security contacts page, which should also point to that.
This issue can be solved simply by adding a link to Apache Security page to SINGA website.
However, I would also suggest to :
- create a sub team in SINGA (even starting with one person) for security
- ask for an email security@singa.apache for project security contacts
- create a new page for security in SINGA website
- add SINGA security team (page and email) to ASF Project Security Information page
Machine learning systems like SINGA may work with sensitive data (e.g. medical data, finance, etc.) and SINGA provides distributed training where data and models can be shared in a network. If SINGA security team provides details to ensure the best security practices, this can be an important feature to show in SINGA now or in a future release.
Attachments
Issue Links
- blocks
-
SINGA-405 Graduate Apache SINGA (incubating) as a TLP
-
- Resolved
-