Policy on sharing sensitive information with Infra

It is sometimes necessary for you to share sensitive information with the Infrastructure team so that Infra can resolve a problem:

Your LDAP credentials no longer work
Your project's code has a security vulnerability
You need to share personally-identifying information (PII), yours or someone else's
You need to pass an organization secret to Infra to be stored in GitHub

Do not share such information on an ASF Slack channel, a public email thread, as a comment on a Jira ticket, or as a GitHub issue.

Do share it in an email to root@infra.apache.org. Do not copy or blind-copy the message you are sending to any other address.

Copyright 2025, The Apache Software Foundation, Licensed under the Apache License, Version 2.0.
Apache® and the Apache logo are trademarks of The Apache Software Foundation.