commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Re: Security mailing list
Date Sun, 17 Dec 2017 15:07:32 GMT
I there a requirement to double post to s@a.o? If not switching from s@a.o
to s@c.a.o seems ok.

Gary

On Dec 17, 2017 03:31, "Jochen Wiedmann" <jochen.wiedmann@gmail.com> wrote:

> I think, that the topic would deserve a few more replies.
>
> Jochen
>
>
> On Fri, Dec 15, 2017 at 6:07 PM, sebb <sebbaz@gmail.com> wrote:
> > On 15 December 2017 at 16:12, Matt Sicker <boards@gmail.com> wrote:
> >> There certainly are several ASF projects that have dedicated security@
> >> mailing lists (e.g., Tomcat has one). Would bug reporters still just
> email
> >> security@apache.org and then security@ would forward to the appropriate
> >> commons list?
> >
> > Either.
> >
> > If they mail security@a.o then they will forward to security@commons
> >
> > If they mail security@commons, then security@a.o is automatically
> copied.
> >
> >> On 15 December 2017 at 08:03, Gilles <gilles@harfang.homelinux.org>
> wrote:
> >>
> >>> On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> over the last months we have definitely seen our share of security
> >>>> related issues. However, I also noticed that we had a tendency to
> >>>> loose these threads in the overall noise, resulting in mails like "Did
> >>>> anyone reply to the reporter?"
> >>>>
> >>>> No, according to Linus Torvalds, that is perfectly fine, because a
> >>>> security issue is "just another bug". However, I am not Linus, and
> >>>> would like to see these things in a better state.
> >>>>
> >>>> As a consequence, I'd like to question how others are handling this.
> >>>> Could we have a mailing list, like security@commons.apache.org,
> >>>>
> >>>
> >>> +1
> >>>
> >>> Gilles
> >>>
> >>> preferrably with subscription limited to private@ members, and
> >>>> security@apache.org subscribed automatically. (In theory, we could
> >>>> subscribe selected committers, too.)
> >>>>
> >>>> At the very least, this would allow us to create a filter for security
> >>>> related messages, thereby concentrate our attention.
> >>>>
> >>>> Jochen
> >>>>
> >>>
> >>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> >>> For additional commands, e-mail: dev-help@commons.apache.org
> >>>
> >>>
> >>
> >>
> >> --
> >> Matt Sicker <boards@gmail.com>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> > For additional commands, e-mail: dev-help@commons.apache.org
> >
>
>
>
> --
> The next time you hear: "Don't reinvent the wheel!"
>
> http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/
> evolution-of-the-wheel-300x85.jpg
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message