commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gilles <gil...@harfang.homelinux.org>
Subject Re: Security mailing list
Date Fri, 15 Dec 2017 14:03:07 GMT
On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote:
> Hi,
>
> over the last months we have definitely seen our share of security
> related issues. However, I also noticed that we had a tendency to
> loose these threads in the overall noise, resulting in mails like 
> "Did
> anyone reply to the reporter?"
>
> No, according to Linus Torvalds, that is perfectly fine, because a
> security issue is "just another bug". However, I am not Linus, and
> would like to see these things in a better state.
>
> As a consequence, I'd like to question how others are handling this.
> Could we have a mailing list, like security@commons.apache.org,

+1

Gilles

> preferrably with subscription limited to private@ members, and
> security@apache.org subscribed automatically. (In theory, we could
> subscribe selected committers, too.)
>
> At the very least, this would allow us to create a filter for 
> security
> related messages, thereby concentrate our attention.
>
> Jochen


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message