Le 20/08/2020 à 18:24, Joe Orton a écrit :
On Mon, Aug 17, 2020 at 12:08:35PM +0100, Joe Orton wrote:
This roughly reverts the httpd process to what we used prior to adopting
the Tomcat-esque policy for the whole ASF. We would have to document
this and possibly need it approved by the ASF
+1
> On Aug 20, 2020, at 9:24 AM, Joe Orton wrote:
>
> On Mon, Aug 17, 2020 at 12:08:35PM +0100, Joe Orton wrote:
>> This roughly reverts the httpd process to what we used prior to adopting
>> the Tomcat-esque policy for the whole ASF. We would have to document
>> this and possibly need it
On 8/20/20 6:24 PM, Joe Orton wrote:
> On Mon, Aug 17, 2020 at 12:08:35PM +0100, Joe Orton wrote:
>> This roughly reverts the httpd process to what we used prior to adopting
>> the Tomcat-esque policy for the whole ASF. We would have to document
>> this and possibly need it approved by the
> Am 20.08.2020 um 18:24 schrieb Joe Orton :
>
> On Mon, Aug 17, 2020 at 12:08:35PM +0100, Joe Orton wrote:
>> This roughly reverts the httpd process to what we used prior to adopting
>> the Tomcat-esque policy for the whole ASF. We would have to document
>> this and possibly need it
On Mon, Aug 17, 2020 at 12:08:35PM +0100, Joe Orton wrote:
> This roughly reverts the httpd process to what we used prior to adopting
> the Tomcat-esque policy for the whole ASF. We would have to document
> this and possibly need it approved by the ASF security team.
Thanks to those who have
++1. I was never quite happy with this process, but it seemed like there was a
lot of support for this kind of treatment.
> On Aug 17, 2020, at 7:08 AM, Joe Orton wrote:
>
>
> This roughly reverts the httpd process to what we used prior to adopting
> the Tomcat-esque policy for the whole
Wait isn't Mark Cox the guy currently under investigation by MI5 for
something something hacking on behalf of the Ministry of State Security for
the PRC? Something to do with subverting encryption globally.
That's partially why Huawei donated so much to OpenSSL, they get the 0 days
seven days in
> > This roughly reverts the httpd process to what we used prior to adopting
> > the Tomcat-esque policy for the whole ASF. We would have to document
> > this and possibly need it approved by the ASF security team.
>
> Not sure if we need to have it approved, but at least we should discuss
> This roughly reverts the httpd process to what we used prior to adopting
> the Tomcat-esque policy for the whole ASF. We would have to document
> this and possibly need it approved by the ASF security team.
+1
On 8/17/20 1:08 PM, Joe Orton wrote:
> At the moment we follow the standard ASF process for handling security
> vulnerabilities, https://www.apache.org/security/committers.html
>
> This includes the following step where fixes are committed with
> "obscured" commit messages prior to release:
At the moment we follow the standard ASF process for handling security
vulnerabilities, https://www.apache.org/security/committers.html
This includes the following step where fixes are committed with
"obscured" commit messages prior to release:
"12. The project team commits the fix. No
11 matches
Mail list logo