Note that we already have FIVE mailing lists: commits dev issues notifications user
PLUS, private and security. Do we really want a SIXTH? Can't this fit in one of the above? Gary On Mon, Mar 8, 2021 at 12:43 PM Stefan Bodewig <bode...@apache.org> wrote: > > On 2021-03-08, Gary Gregory wrote: > > > Are we talking about a human sending emails to the security list or letting > > the actual tool loose on the list to possibly spam it with false positives? > > We are talking about a tool sending mails that (currently) is unable to > identify whether an issue it detects is security critical or not. > > I propose a new subscription moderated list so people can decide whether > they want to see the mails - and we don't leak sensitive information by > accident. Human beings subscribed to said list can then escalate to > security@ as necessary. > > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
