commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Romain Manni-Bucau <rmannibu...@gmail.com>
Subject Re: Security mailing list
Date Sun, 17 Dec 2017 11:22:02 GMT
+1

Le 17 déc. 2017 12:14, "Mark Thomas" <markt@apache.org> a écrit :

> On 15/12/2017 11:13, Jochen Wiedmann wrote:
> > Hi,
> >
> > over the last months we have definitely seen our share of security
> > related issues. However, I also noticed that we had a tendency to
> > loose these threads in the overall noise, resulting in mails like "Did
> > anyone reply to the reporter?"
> >
> > No, according to Linus Torvalds, that is perfectly fine, because a
> > security issue is "just another bug". However, I am not Linus, and
> > would like to see these things in a better state.
> >
> > As a consequence, I'd like to question how others are handling this.
> > Could we have a mailing list, like security@commons.apache.org,
> > preferrably with subscription limited to private@ members, and
> > security@apache.org subscribed automatically. (In theory, we could
> > subscribe selected committers, too.)
>
> +1
>
> Works for me.
>
> Mark
>
> >
> > At the very least, this would allow us to create a filter for security
> > related messages, thereby concentrate our attention.
> >
> > Jochen
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message