On 2021-02-25 15:06:33 +0000 (+0000), Jeremy Stanley wrote:
On 2021-02-25 09:21:17 +0000 (+0000), Sven Kieske wrote: [...]
That the Link to the Security Contacts on the Website is broken:
https://www.openstack.org/openstack-security/ is a 404 for me.
I found the dead link here:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-announce
Thanks, it looks like we were embedding some very old URLs in the footer for our mailing list site which pointed to the foundation's site for OpenStack rather than the community-managed security information. I have proposed https://review.opendev.org/777602 to correct this oversight.
The change to correct this is now merged and deployed, so the links go to the appropriate location. Thanks again for pointing it out.
Another "Bug" imho is, that there is no information how to contact the security team on the main website, and the search for "security" does not really yield good results how to contact the security team either.
I agree, I've brought this up with the foundation web development team who maintain that website for us, I'll raise it with them again and find out if they can work out something for better discoverability. I'm not sure why it keeps disappearing or getting moved, but I'll do my best to impress on them that having security contact information linked from the most prominent pages (of not every page) is important for our users. [...]
The answer I got was that they used to have a security-related topics page linked in the drop-down navigation and page footers, but removed it because it contained some stale content. Unfortunately it also contained critical links to our community-managed security information site, which they didn't notice/consider. Huge thanks to the foundation web developers for quickly readding a link to https://security.openstack.org/ from the global page footer block for all of https://www.openstack.org/ so that users should be more readily able to find this information again. -- Jeremy Stanley