From ec68a5280ba7305e8c33f0fba6d2922cec81a97d Mon Sep 17 00:00:00 2001 From: PJ Fanning Date: Wed, 18 Jan 2023 16:22:05 +0100 Subject: [PATCH] update security docs (#114) --- docs/src/main/paradox/security/index.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/src/main/paradox/security/index.md b/docs/src/main/paradox/security/index.md index f4a20b6cd4..cd919f06be 100644 --- a/docs/src/main/paradox/security/index.md +++ b/docs/src/main/paradox/security/index.md @@ -2,19 +2,20 @@ ## Receiving Security Advisories -The best way to receive any and all security announcements is to subscribe to the [Pekko security list](https://groups.google.com/forum/#!forum/akka-security). +The best way to receive any and all security announcements is to subscribe to the [Apache Announce Mailing List](https://lists.apache.org/list.html?announce@apache.org). -The mailing list is very low traffic, and receives notifications only after security reports have been managed by the core team and fixes are publicly available. +This mailing list has a reasonable level of traffic, and receives notifications only after security reports have been managed by the core Apache teams and fixes are publicly available. + +This mailing list also has announcements of releases for Apache projects. ## Reporting Vulnerabilities We strongly encourage people to report such problems to our private security mailing list first, before disclosing them in a public forum. -Following best practice, we strongly encourage anyone to report potential security -vulnerabilities to [security@pekko.io](mailto:security@pekko.io) before disclosing them in a public forum like the mailing list or as a GitHub issue. +Please follow the [guidelines](https://www.apache.org/security/) laid down by the Apache Security team. -Reports to this email address will be handled by our security team, who will work together with you -to ensure that a fix can be provided without delay. +Ideally, any issues affecting Apache Pekko and Akka should be reported to Apache team first. We will share the +report with the Lightbend Akka team. ## Security Related Documentation