metron-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Billie Rinaldi <bil...@apache.org>
Subject Re: Apache Security Process
Date Thu, 09 Jun 2016 15:53:41 GMT
Haha, I went to submit the form and found that the mailing list already
exists.  Owen requested it at the beginning with all the others.

On Thu, Jun 9, 2016 at 8:51 AM, Billie Rinaldi <billie@apache.org> wrote:

> Done.
>
>
> On Thu, Jun 9, 2016 at 8:01 AM, Casey Stella <cestella@gmail.com> wrote:
>
>> So, evidently this is something only mentors or people from the Incubator
>> PMC can do.
>> Will one of the mentors please request this for us @
>> https://infra.apache.org/officers/mlreq/incubator
>> ?
>>
>> Thanks,
>>
>> Casey
>>
>> On Thu, Jun 9, 2016 at 10:35 AM, Casey Stella <cestella@gmail.com> wrote:
>>
>> > I filed a infra ticket for this:
>> > https://issues.apache.org/jira/browse/INFRA-12071
>> >
>> >
>> > On Thu, Jun 9, 2016 at 9:43 AM, Michael Miklavcic <
>> > michael.miklavcic@gmail.com> wrote:
>> >
>> >> Hi all,
>> >>
>> >> Motion to create a security@metron.incubator.apache.org mailing list (
>> >> http://apache.org/dev/committers.html#mail)
>> >>
>> >> Best,
>> >> Michael Miklavcic
>> >>
>> >>
>> >> On Thu, Jun 2, 2016 at 1:30 PM, Owen O'Malley <omalley@apache.org>
>> wrote:
>> >>
>> >> > I'd also recommend that you create a
>> >> security@metron.incubator.apache.org
>> >> > for users to report any security issues they discover.
>> >> >
>> >> > .. Owen
>> >> >
>> >> > On Thu, Jun 2, 2016 at 10:28 AM, Casey Stella <cestella@gmail.com>
>> >> wrote:
>> >> >
>> >> > > Sorry, it's deleted now.  We will be more careful in the future.
>> >> > >
>> >> > > Thanks for the vigilance, Larry.
>> >> > >
>> >> > > Casey
>> >> > >
>> >> > > On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <lmccay@apache.org>
>> >> wrote:
>> >> > >
>> >> > > > All -
>> >> > > >
>> >> > > > Please become familiar with of the Apache process for reporting,
>> >> > > > discussing, filing JIRAs and fixing security vulnerabilities
[1].
>> >> > > >
>> >> > > > METRON-198 has exposed more than we should in a public manner
and
>> >> the
>> >> > > > attached report should be removed.
>> >> > > >
>> >> > > > Details of any particular issues should only be discussed
on a
>> >> > project's
>> >> > > > security or private list and it needs to also include the
>> >> security@a.o
>> >> > > > list.
>> >> > > >
>> >> > > > Fixes need to be discussed and agreed upon on the private
list
>> and
>> >> > JIRAs
>> >> > > > filed to commit the fix should be vague and as general as
>> possible
>> >> - so
>> >> > > as
>> >> > > > not to disclose the details of the vulnerabilities and inform
the
>> >> > > > development of exploits.
>> >> > > >
>> >> > > > Also, pay attention to the CVE related aspects of the process
in
>> the
>> >> > page
>> >> > > > referenced below.
>> >> > > >
>> >> > > > thanks,
>> >> > > >
>> >> > > > --larry
>> >> > > >
>> >> > > > 1. http://www.apache.org/security/committers.html
>> >> > > >
>> >> > >
>> >> >
>> >>
>> >
>> >
>>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message