This is an automated email from the ASF dual-hosted git repository.
wave pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tooling-docs.git
The following commit(s) were added to refs/heads/main by this push:
new f780786 CVEs and Security Advisories are now Future Requirements
f780786 is described below
commit f780786532dafe27ad9cdced2245efdc5a992afa
Author: Dave Fisher <[email protected]>
AuthorDate: Tue Feb 4 13:25:59 2025 -0800
CVEs and Security Advisories are now Future Requirements
---
apache-trusted-release/requirements.md | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/apache-trusted-release/requirements.md
b/apache-trusted-release/requirements.md
index 9fbfabf..6fa4156 100644
--- a/apache-trusted-release/requirements.md
+++ b/apache-trusted-release/requirements.md
@@ -34,7 +34,7 @@ While reading consider these Notes:
- Manual triggers.
- Tracking performance.
- Platform includes a RESTful API.
- - Work with Security Team about integration of CVE information.
+ - Platform perfers to serve static content.
- Make switching from current manual release process to a minimal ATR
process very simple.
- Provide operational status to help Infra monitor ATR operations through
the IRD.
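Review bot: The added line "Platform perfers to serve static content." misspells "prefers". It also sits directly under "Platform includes a RESTful API." without saying which parts of the platform are static and which are served through the API, so the two notes read as being in tension; a short qualifier on the new item would resolve that. The static-content note is unrelated to the commit subject (moving CVEs and advisories to future requirements) and would be easier to track as its own commit.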
@@ -49,7 +49,6 @@ While reading consider these Notes:
- SBOMs and Attestations
- Include dependency and license compliance.
- Provide clear attribution and information about Release Votes.
- - CVEs
- Certificate and Credential Management
- Manage the signing keys needed for automation.
- Download Page including available SBOM and verification instructions.
@@ -63,3 +62,8 @@ While reading consider these Notes:
- Retire dist.apache.org svn repository once all 200+ PMCs having fully
switched over to directly using the **ATR**.
- Map legacy urls for https://dist.apache.org, https://download.apache.org,
and https://archive.apache.org to https://releases.apache.org
+
+## 7. Future Requirements
+
+ - Integrate with the [Security Advisory Process](advisory-process.md) to
make it easy to track applicable advisories on download pages.
+ - Tracking of CVEs in the ATR.
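Review bot: The new item "Tracking of CVEs in the ATR." in section 7 loses the coordination point carried by the line removed in the first hunk, "Work with Security Team about integration of CVE information."; if that dependency still holds, name the Security Team here so the future requirement keeps an owner. The item is also a noun phrase next to an imperative sibling ("Integrate with ..."), and it writes ATR unbolded while the context line above uses **ATR**; suggest "Track CVEs in the **ATR**." Please also confirm that the relative link advisory-process.md resolves from apache-trusted-release/, since that file is not part of this diff.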