Versions Compared

Old Version 10

changes.mady.by.user Kevan Miller

Saved on

compared with

New Version 11

changes.mady.by.user Kevan Miller

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Team ACKs security report.
  2. Team investigates report and either rejects it or accepts it.
  3. If rejected, write to submitter and explain why.
  4. If accepted, write to submitter and let them know it is accepted and we are working on a fix.
  5. Request a CVE number from security@a.o
  6. Agree on a fix on our private@ list.
  7. Provide the submitter with a copy of the fix and a draft vulnerability announcement for comment.
  8. Reach an agreement for the fix, announcement and release schedule with the submitter.
  9. Create a JIRA and commit the fix in all actively maintained releases.
  10. Announce the vulnerability (users, dev, security@a.o, bugtraq at securityfocus.com, full-disclosure at lists.grok.org.uk and project security pages)
  11. Update the JIRA and svn log to include the CVE number.
  12. Roll a release for each actively maintained branch (unreleased trunk can wait.)

Access to Geronimo TCK Test Harness

Apache committers can request access to the TCK following this process:

  1. Requester should send a note to jcp-open@apache.org requesting access to the JCP TCKs
  2. Requester should also send sends a note to the PMC list requesting access to the Geronimo Test Harness with a quick summary of their goals.
  3. PMC member acknowledges receipt of the request back to the user.
  4. PMC member confirms that requester has submitted an NDA:
    • ASF members can confirm by inspecting the contents of https://svn.apache.org/repos/private/foundation/Correspondence/JCP/tck-nda-list.txt or
    • Wiki Markup
      Non-member can send a note to the appropriate keeper of NDAs on jcp-open and the Geronimo PMC with a subject of:
\\
\\
\*\*{{*\[TCK\] Request for TCK access for Apache Geronimo TCK materials.   Please verify NDA is on file.*}}
\\
\\
and includes relevant information about the committer and their request.
\\
\\
    • Waiting period:
      • Geronimo committers will be granted r/w access to svn, TCK wiki and accounts on selene, phoebe and tck01-tck08 upon confirmation of the NDA being on file.
      • Other Apache committers will be granted read-only access to svn and TCK wiki (but no access to selene, phoebe, tck01-08) upon confirmation of the NDA being on file.

...