I like the idea of security-discuss. Helps highlight that it's not the list to report vulnerabilities to unlike seclists or security@ addresses.
On Mon, Sep 20, 2021 at 1:27 AM Mark J. Cox <m...@apache.org> wrote: > > On 2021/09/19 21:44:34, Dave Fisher <wave4d...@comcast.net> wrote: > > This is a good idea. Assuming that this is a public list then either pick > > another name, or do not use self serve to request it, instead use an INFRA > > JIRA ticket. > > > > Security@ lists requested through self serve become private mailing lists > > with emails mirrored on secur...@apache.org. > > That's a great point, the "security@*" prefix has a special meaning, and > "secure-development" or "secdev" limits the scope. "security-discuss@" was > mentioned as an alternative, and that would match the way we have a > "legal-discuss@". > > I still like this living in the community project though, because the likely > outcome of the discussion are collation of resources and practices and the > right place for them is in comdev. > > So how does security-disc...@community.apache.org sound? > > Cheers, Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
