commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jochen Wiedmann <jochen.wiedm...@gmail.com>
Subject Security mailing list
Date Fri, 15 Dec 2017 11:13:12 GMT
Hi,

over the last months we have definitely seen our share of security
related issues. However, I also noticed that we had a tendency to
loose these threads in the overall noise, resulting in mails like "Did
anyone reply to the reporter?"

No, according to Linus Torvalds, that is perfectly fine, because a
security issue is "just another bug". However, I am not Linus, and
would like to see these things in a better state.

As a consequence, I'd like to question how others are handling this.
Could we have a mailing list, like security@commons.apache.org,
preferrably with subscription limited to private@ members, and
security@apache.org subscribed automatically. (In theory, we could
subscribe selected committers, too.)

At the very least, this would allow us to create a filter for security
related messages, thereby concentrate our attention.

Jochen


-- 
The next time you hear: "Don't reinvent the wheel!"

http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message