commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: Security mailing list
Date Fri, 15 Dec 2017 17:07:24 GMT
On 15 December 2017 at 16:12, Matt Sicker <boards@gmail.com> wrote:
> There certainly are several ASF projects that have dedicated security@
> mailing lists (e.g., Tomcat has one). Would bug reporters still just email
> security@apache.org and then security@ would forward to the appropriate
> commons list?

Either.

If they mail security@a.o then they will forward to security@commons

If they mail security@commons, then security@a.o is automatically copied.

> On 15 December 2017 at 08:03, Gilles <gilles@harfang.homelinux.org> wrote:
>
>> On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote:
>>
>>> Hi,
>>>
>>> over the last months we have definitely seen our share of security
>>> related issues. However, I also noticed that we had a tendency to
>>> loose these threads in the overall noise, resulting in mails like "Did
>>> anyone reply to the reporter?"
>>>
>>> No, according to Linus Torvalds, that is perfectly fine, because a
>>> security issue is "just another bug". However, I am not Linus, and
>>> would like to see these things in a better state.
>>>
>>> As a consequence, I'd like to question how others are handling this.
>>> Could we have a mailing list, like security@commons.apache.org,
>>>
>>
>> +1
>>
>> Gilles
>>
>> preferrably with subscription limited to private@ members, and
>>> security@apache.org subscribed automatically. (In theory, we could
>>> subscribe selected committers, too.)
>>>
>>> At the very least, this would allow us to create a filter for security
>>> related messages, thereby concentrate our attention.
>>>
>>> Jochen
>>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
>> For additional commands, e-mail: dev-help@commons.apache.org
>>
>>
>
>
> --
> Matt Sicker <boards@gmail.com>

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
For additional commands, e-mail: dev-help@commons.apache.org


Mime
View raw message