RFR: 8340815: Add SECURITY.md file [v2]
Mark Reinhold
mr at openjdk.org
Tue Sep 24 22:28:36 UTC 2024
On Tue, 24 Sep 2024 19:20:11 GMT, George Adams <gdams at openjdk.org> wrote:
>> Currently the [security tab](https://github.com/openjdk/jdk/security) on the GitHub repos is empty with no clear information or links on where to report security vulnerabilities.
>>
>> <img width="1278" alt="Screenshot 2024-09-24 at 14 28 37" src="https://github.com/user-attachments/assets/4fd68f9f-46d8-4c06-ad71-52747c8f5cf2">
>>
>> I've added a simple SECURITY.md file which includes the link to the official policy on the website.
>
> George Adams has updated the pull request incrementally with one additional commit since the last revision:
>
> switch to link to website
Changes requested by mr (Lead).
SECURITY.md line 3:
> 1: # OpenJDK Vulnerabilities
> 2:
> 3: Please follow the process outlined in the [OpenJDK Vulnerability Policy](https://openjdk.org/groups/vulnerability/report) to disclose vulnerabilities in the OpenJDK codebase.
s/OpenJDK/JDK/ in the title and immediately preceding “codebase”, please. “OpenJDK” is the name of a community; “JDK” is the name of a body of code.
Having done that, you could simplify “in the JDK codebase” simply to “in the JDK”.
-------------
PR Review: https://git.openjdk.org/jdk/pull/21155#pullrequestreview-2326594491
PR Review Comment: https://git.openjdk.org/jdk/pull/21155#discussion_r1774163597
More information about the build-dev
mailing list