feat(security): forwarder-routing policy for trackers with no direct reporter contact#278

Merged
potiuk merged 1 commit into
apache:mainfrom
potiuk:feat-forwarder-routing-policy
May 25, 2026
Conversation

@potiuk potiuk commented May 25, 2026

Member

Summary

When a tracker has no direct way to reach the original reporter — ASF-security-relay reports, read-only GitHub Private Reporting, AI scan markdown imports, anonymous tips — the skills now route reporter-facing communication through the forwarder (the security-team member or relay service that delivered the report). In that via-forwarder mode, only important lifecycle milestones are relayed. Regular workflow chatter and credit-acceptance confirmation messages are suppressed so the forwarder isn't pinged with low-signal updates that would burn their goodwill.

New policy doc — docs/security/forwarder-routing-policy.md

Detection (four cases):

  1. ASF-security relay (sender = security@apache.org with the forwarding preamble).
  2. Read-only GitHub Private Reporting we have access to but can't reply on.
  3. security-issue-import-from-md-imported trackers (no inbound reporter).
  4. Explicit <!-- apache-steward: routing-mode via-forwarder --> marker comment.

Milestones — DO relay (each carries a short body template referencing the external identifier, never re-stating technical detail):

  • Report accepted as valid
  • Report assessed as invalid
  • Advisory sent
  • Additional information requested

CVE allocated is out of scope (own section): Vulnogram typically emits its own allocation notification, and the team owes the reporter (or forwarder) a single short notification here regardless of routing mode. Same draft body in both modes — no recipient swap, no suppression.

Negative space — DO NOT relay (the credit-acceptance confirmation class):

  • Follow-up "please confirm we will credit you as X" chase-ups.
  • The standalone bot/AI credit-clarification draft.
  • Regular workflow status flips (pr created, pr merged, fix released).
  • Reviewer-comment relays, sync rollup notifications.

The credit question itself (initial one-line ask folded into a milestone draft) is not suppressed — the forwarder might know or might relay it. The distinction: a question is cheap and one-shot; a confirmation demands a reply the forwarder can't supply.

Skills wired in

  • security-issue-import Step 7 ASF-relay branch — canonical via-forwarder receipt-of-confirmation.
  • security-issue-sync reporter-draft section — direct / forwarder / suppress decision with a "skipped reporter draft" recap line for non-milestone events.
  • security-issue-invalidate Step 5d — re-framed as the Report assessed as invalid milestone.
  • security-cve-allocate Step 4 #5 — out-of-scope per policy; same draft body in both modes.
  • tools/vulnogram/bot-credits-policy.md — defers to the new policy; standalone clarification draft suppressed in via-forwarder mode but bot detection still runs.
  • docs/security/README.md + roles.md — link to the policy.

Test plan

  • prek run on all touched files — all hooks pass.
  • Next real ASF-relay import: verify Step 7 receipt folds the credit question in but doesn't open a standalone clarification draft.
  • Next sync against an ASF-relay tracker at pr merged: verify no forwarder draft is proposed (non-milestone) and the recap shows the skip note.
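The detection cases and the direct / forwarder / suppress decision described in the summary above, written out as an added worked example. This is not code from this PR or from the apache-steward project: the `Tracker` fields, the event names, the relay preamble phrase, the template wording and the sample trackers are assumptions made for the illustration; only the four detection cases, the milestone list, the negative-space list and the CVE-allocated exception follow the policy as stated.

```python
"""Model of the forwarder-routing policy (added example, not project code)."""
import re
from dataclasses import dataclass
from typing import Optional

# Detection case 4: the explicit marker comment quoted in the policy summary.
MARKER_RE = re.compile(r"<!--\s*apache-steward:\s*routing-mode\s+via-forwarder\s*-->")
RELAY_SENDER = "security@apache.org"
# Assumed preamble phrase for an ASF-security relay; the real wording is not on the page.
RELAY_PREAMBLE = "forwarded report"

# Milestones that DO relay in via-forwarder mode.
MILESTONES = frozenset({
    "report_accepted_as_valid", "report_assessed_as_invalid",
    "advisory_sent", "additional_information_requested",
})
# Negative space: confirmation chase-ups and workflow chatter are never relayed.
SUPPRESSED = frozenset({
    "credit_acceptance_confirmation", "bot_credit_clarification",
    "pr_created", "pr_merged", "fix_released",
    "reviewer_comment_relay", "sync_rollup",
})
# Out of scope of the policy: one short notification regardless of routing mode.
OUT_OF_SCOPE = frozenset({"cve_allocated"})

# Short body templates (assumed wording) that reference only the external identifier.
TEMPLATES = {
    "report_accepted_as_valid": "The report tracked as {ref} has been accepted as valid; a fix is in progress.",
    "report_assessed_as_invalid": "The report tracked as {ref} has been assessed and will not be treated as a vulnerability.",
    "advisory_sent": "The advisory for the report tracked as {ref} has been published.",
    "additional_information_requested": "We need additional information to proceed with the report tracked as {ref}.",
}


@dataclass
class Tracker:
    body: str                                # tracker text, may contain the marker comment
    sender: str = ""                         # address the report arrived from
    reporter_contact: Optional[str] = None   # direct channel to the reporter, if any
    forwarder_contact: Optional[str] = None  # who delivered the report
    ghsa_read_only: bool = False             # case 2: GHSA we can read but not reply on
    imported_from_md: bool = False           # case 3: security-issue-import-from-md


@dataclass
class Decision:
    action: str                     # "direct", "forwarder" or "suppress"
    recipient: Optional[str] = None
    reason: str = ""


def detect_via_forwarder(t: Tracker) -> Optional[str]:
    """Return the detection case that puts the tracker in via-forwarder mode, or None."""
    if t.sender.lower() == RELAY_SENDER and RELAY_PREAMBLE in t.body.lower():
        return "asf-security-relay"          # case 1
    if t.ghsa_read_only:
        return "read-only-ghsa"              # case 2
    if t.imported_from_md:
        return "from-md-import"              # case 3
    if MARKER_RE.search(t.body):
        return "explicit-marker"             # case 4
    return None


def route(t: Tracker, event: str) -> Decision:
    """Decide who, if anyone, receives the reporter-facing draft for `event`."""
    case = detect_via_forwarder(t)
    if event in OUT_OF_SCOPE:
        # Same draft body in both modes: no recipient swap, no suppression.
        if t.reporter_contact:
            return Decision("direct", t.reporter_contact, "out-of-scope: single notification owed")
        if t.forwarder_contact:
            return Decision("forwarder", t.forwarder_contact, "out-of-scope: single notification owed")
        return Decision("suppress", None, "out-of-scope but no channel available")
    if case is None:
        if t.reporter_contact is None:
            return Decision("suppress", None, "no reporter contact and no forwarder detected")
        return Decision("direct", t.reporter_contact, "direct reporter channel")
    if event in MILESTONES:
        return Decision("forwarder", t.forwarder_contact, f"milestone via forwarder ({case})")
    # Everything else is a non-milestone in via-forwarder mode: recap a skip line.
    kind = "negative-space" if event in SUPPRESSED else "unknown"
    return Decision("suppress", None, f"skipped reporter draft: {kind} event {event!r} ({case})")


def milestone_body(event: str, external_ref: str, credit_name: Optional[str] = None) -> str:
    """Build the short milestone body; fold in the one-shot credit question when needed."""
    body = TEMPLATES[event].format(ref=external_ref)
    if credit_name is None:
        # A credit *question* is cheap and one-shot, so it is allowed; a confirmation is not.
        body += " If you know how the reporter would like to be credited, please let us know."
    return body
```

Constructed sample trackers are used in the checks below; the `sync` recap line in the real skill is represented here only by the `reason` string of a `suppress` decision.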

…reporter contact

When a tracker has no direct way to reach the original reporter --
ASF-security-relay reports, read-only GitHub Private Reporting, AI
scan markdown imports, anonymous tips -- the skills now route
reporter-facing communication through the forwarder (the security-
team member or relay service that delivered the report). In that
*via-forwarder mode*, only important lifecycle milestones are
relayed. Regular workflow chatter and credit-acceptance confirmation
messages are suppressed so the forwarder isn't pinged with
low-signal updates that would burn their goodwill.

- New `docs/security/forwarder-routing-policy.md`: single source of
  truth. Defines four ways via-forwarder mode is detected (ASF-relay
  sender, read-only GHSA, -from-md imports, explicit
  `<!-- apache-steward: routing-mode via-forwarder -->` marker).
  Milestones that DO relay: report-accepted-as-valid,
  report-assessed-as-invalid, advisory-sent, additional-information
  requests. Each milestone carries a short body template referencing
  the external identifier (GHSA ID, HackerOne URL) rather than
  re-stating the technical detail.
- *CVE allocated* is intentionally handled OUTSIDE the policy:
  Vulnogram typically emits its own allocation notification, and the
  team owes the reporter (or forwarder) a single short notification
  here regardless of routing mode -- no recipient swap, no
  suppression.
- Negative space is the *credit-acceptance confirmation* class:
  follow-up "please confirm we will credit you as X" chase-ups and
  the standalone bot/AI credit-clarification draft. The credit
  *question* itself (initial one-line ask folded into a milestone
  draft) is NOT suppressed -- the forwarder might know or might
  relay it. The distinction: a question is cheap and one-shot;
  a confirmation demands a reply the forwarder can't supply.
- `security-issue-import` Step 7 ASF-relay branch: re-framed as the
  canonical via-forwarder receipt-of-confirmation. Folds the
  credit question in as a single best-effort line; no standalone
  credit-acceptance confirmation drafts.
- `security-issue-sync` reporter-draft section: applies the policy
  to decide direct vs forwarder vs suppress, with a "skipped
  reporter draft" recap line for non-milestone events.
- `security-issue-invalidate` Step 5d: re-framed as the *Report
  assessed as invalid* milestone; explicit direct vs forwarder
  recipient selection.
- `security-cve-allocate` Step 4 apache#5: re-framed as out-of-scope per
  the policy. Same draft body in both modes; the credit *question*
  is folded in (allowed by the question-vs-confirmation
  distinction), the standalone re-confirmation is suppressed in
  via-forwarder mode.
- `tools/vulnogram/bot-credits-policy.md`: defers to the new
  policy. The standalone bot/AI credit-clarification draft (a
  credit-acceptance confirmation by nature) is suppressed in
  via-forwarder mode; the bot detection itself still runs.
- `docs/security/README.md` deep-doc index + `roles.md` *Shared
  conventions -> Keeping the reporter informed*: link to the
  policy.

Generated-by: Claude Code (Opus 4.7)
@potiuk potiuk merged commit 14d80e6 into apache:main May 25, 2026
13 checks passed