I think that the topic would deserve a few more replies.

Jochen

On Fri, Dec 15, 2017 at 6:07 PM, sebb <[email protected]> wrote:
> On 15 December 2017 at 16:12, Matt Sicker <[email protected]> wrote:
>> There certainly are several ASF projects that have dedicated security@
>> mailing lists (e.g., Tomcat has one). Would bug reporters still just email
>> [email protected] and then security@ would forward to the appropriate
>> commons list?
>
> Either.
>
> If they mail [email protected] then they will forward to security@commons
>
> If they mail security@commons, then [email protected] is automatically copied.
>
>> On 15 December 2017 at 08:03, Gilles <[email protected]> wrote:
>>
>>> On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote:
>>>
>>>> Hi,
>>>>
>>>> over the last months we have definitely seen our share of security
>>>> related issues. However, I also noticed that we had a tendency to
>>>> lose these threads in the overall noise, resulting in mails like "Did
>>>> anyone reply to the reporter?"
>>>>
>>>> No, according to Linus Torvalds, that is perfectly fine, because a
>>>> security issue is "just another bug". However, I am not Linus, and
>>>> would like to see these things in a better state.
>>>>
>>>> As a consequence, I'd like to question how others are handling this.
>>>> Could we have a mailing list, like [email protected],
>>>>
>>>
>>> +1
>>>
>>> Gilles
>>>
>>> preferably with subscription limited to private@ members, and
>>>> [email protected] subscribed automatically. (In theory, we could
>>>> subscribe selected committers, too.)
>>>>
>>>> At the very least, this would allow us to create a filter for security
>>>> related messages, thereby concentrate our attention.
>>>>
>>>> Jochen
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>
>> --
>> Matt Sicker <[email protected]>
>

--
The next time you hear: "Don't reinvent the wheel!"
http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg
