THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
...
- Team ACKs security report.
- Team investigates report and either rejects it or accepts it.
- If rejected, write to submitter and explain why.
- If accepted, write to submitter and let them know it is accepted and we are working on a fix.
- Request a CVE number from security@a.o
- Agree on a fix on our private@ list.
- Provide the submitter with a copy of the fix and a draft vulnerability announcement for comment.
- Reach an agreement for the fix, announcement and release schedule with the submitter.
- Create a JIRA and commit the fix in all actively maintained releases.
- Announce the vulnerability (users, dev, security@a.o, bugtraq at securityfocus.com, full-disclosure at lists.grok.org.uk and project security pages)
- Update the JIRA and svn log to include the CVE number.
- Roll a release for each actively maintained branch (unreleased trunk can wait.)
Access to Geronimo TCK Test Harness
Apache committers can request access to the TCK following this process:
- Requester should send a note to jcp-open@apache.org requesting access to the JCP TCKs
- Requester should also send sends a note to the PMC list requesting access to the Geronimo Test Harness with a quick summary of their goals.
- PMC member acknowledges receipt of the request back to the user.
- PMC member confirms that requester has submitted an NDA:
- ASF members can confirm by inspecting the contents of https://svn.apache.org/repos/private/foundation/Correspondence/JCP/tck-nda-list.txt or
Wiki Markup Non-member can send a note to the appropriate keeper of NDAs on jcp-open and the Geronimo PMC with a subject of: \\ \\ \*\*{{*\[TCK\] Request for TCK access for Apache Geronimo TCK materials. Please verify NDA is on file.*}} \\ \\ and includes relevant information about the committer and their request. \\ \\
- Waiting period:
- Geronimo committers will be granted r/w access to svn, TCK wiki and accounts on selene, phoebe and tck01-tck08 upon confirmation of the NDA being on file.
- Other Apache committers will be granted read-only access to svn and TCK wiki (but no access to selene, phoebe, tck01-08) upon confirmation of the NDA being on file.
...