Hi Chris! As Arnout wrote, we set up the public security-discuss list and wiki to be such a working group to capture and share some best practices among our projects. It was the follow-up from some of the good ideas captured after the White House meetings following on from log4shell. Then, anything that we want to make a requirement, rather than a recommended practice, would feed back into the security committee to add into our existing policies. I believe that's the right place for the things you're suggesting.
The list hasn't had a lot of traction, and many of the ideas and thoughts on the wiki didn't get followed up on as it didn't get a lot of interest (mostly lacking volunteers wanting to spend the time on it). So it would be great to get some more feedback, input, and leadership from you there.

Regards, Mark
ASF Security

On 2024/10/10 00:14:27 Christopher Schultz wrote:
> Hello!
>
> I would like to propose a security working group to make recommendations to projects for how they can establish or improve their security practices.
>
> I have a list of about 10 things I can think of off the top of my head that I could propose for such a working group.
>
> I am also offering to lead this group and provide any coordination with other ASF resources and the projects themselves.
>
> Please let me know if comdev thinks this would be a good idea and I’m happy to get started.
>
> Thanks!
> -chris
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscr...@community.apache.org
> For additional commands, e-mail: dev-h...@community.apache.org