...

  1. Team ACKs security report.
  2. Team investigates report and either rejects it or accepts it.
  3. If rejected, write to submitter and explain why.
  4. If accepted, write to submitter and let them know it is accepted and we are working on a fix.
  5. Request a CVE number from security@a.o
  6. Agree on a fix on our private@ list.
  7. Provide the submitter with a copy of the fix and a draft vulnerability announcement for comment.
  8. Reach an agreement for the fix, announcement and release schedule with the submitter.
  9. Create a JIRA and commit the fix in all actively maintained releases.
  10. Announce the vulnerability (users, dev, security@a.o, bugtraq at securityfocus.com, full-disclosure at lists.grok.org.uk and project security pages)
  11. Update the JIRA and svn log to include the CVE number.
  12. Roll a release for each actively maintained branch (unreleased trunk can wait.)

Access to TCK

Apache committers can request access to TCK following this process:

...