[
https://issues.apache.org/jira/browse/MNG-7905?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17901437#comment-17901437
]
Piotr Karwasz commented on MNG-7905:
------------------------------------
We could define some special [developer
role|https://maven.apache.org/pom.html#Developers] for the Security Team.
I understand that the roles are tags and users are allowed to put anything in
there, but we could have a small taxonomy for the ASF and hope it will have a
wider adoption. The purpose of a "Security Team" role seems unambiguous to me.
We could also have an ASF-specific "Project Management Committee" developer
with a link to the current list of PMC members and an e-mail contact for the
developer mailing list.
> Link to security issue reporting information
> --------------------------------------------
>
> Key: MNG-7905
> URL: https://issues.apache.org/jira/browse/MNG-7905
> Project: Maven
> Issue Type: Wish
> Components: Core
> Reporter: Arnout Engelen
> Priority: Minor
>
> The pom.xml already has a place where a project can describe how to report
> issues to the project ('issueManagement'). It might be nice to also provide a
> place to describe how to report security issues to the project, as that might
> be different from regular issues?
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
