RFR: 8340954: Add SECURITY.md file
Kevin Rushforth
kcr at openjdk.org
Wed Sep 25 21:27:41 UTC 2024
On Wed, 25 Sep 2024 21:19:25 GMT, Andy Goryachev <angorya at openjdk.org> wrote:
>> A `SECURITY.md` file was recently added to the jdk repo. GitHub will show that policy if you click on the ["Security" tab](https://github.com/openjdk/jdk/security) of the jdk repo -- if you are logged in, you may need to further click on the ["Policy" tab](https://github.com/openjdk/jdk/security/policy).
>>
>> We need a copy of this file in the jfx repo, so that similarly, you will see the policy if you click on the ["Security" tab](https://github.com/openjdk/jfx/security) of the jfx repo -- if you are logged in, you may need to further click on the ["Policy" tab](https://github.com/openjdk/jfx/security/policy).
>>
>> The `SECURITY.md` file in this PR is identical to the one in the jdk repo, with "JDK" replaced by "JavaFX" in two places (the section header and the name of the software).
>>
>> See openjdk/jdk#21155 for more details.
>
> SECURITY.md line 3:
>
>> 1: # JavaFX Vulnerabilities
>> 2:
>> 3: Please follow the process outlined in the [OpenJDK Vulnerability Policy](https://openjdk.org/groups/vulnerability/report) to disclose vulnerabilities in JavaFX.
>
> Since FX is not technically a part of JDK, should it point to a separate (new) page instead of https://openjdk.org/groups/vulnerability/report ?

No. JavaFX _is_ part of OpenJDK. It is irrelevant whether or not it happens to be bundled with the JDK.
-------------
PR Review Comment: https://git.openjdk.org/jfx/pull/1578#discussion_r1776009562