Hi all,

Thanks everyone for participating this vote. As we have received only two +1 
and there is also one -1 for this vote, according to the bylaws, I'm sorry to 
announce that this proposal was rejected. 

Neverthless, I think we can always restart the discussion in the future if we 
see more evidence that such a mailing list is necessary.


> 在 2019年12月3日,下午4:53,Dian Fu <dian0511...@gmail.com> 写道:
> Actually I have tried to find out the reason why so many apache projects 
> choose to set up a project specific security mailing list in case that the 
> general secur...@apache.org mailing list seems working well. Unfortunately, 
> there is no open discussions in these projects and there is also no clear 
> guideline/standard in the ASF site whether a project should set up such a 
> mailing list (The project specific security mailing list seems only an 
> optional and we noticed that at the beginning of the discussion). This is 
> also one of the main reasons we start such a discussion to see if somebody 
> has more thoughts about this.
>> 在 2019年12月2日,下午6:03,Chesnay Schepler <ches...@apache.org> 写道:
>> Would security@f.a.o work as any other private ML?
>> Contrary to what Becket said in the discussion thread, secur...@apache.org 
>> is not just "another hop"; it provides guiding material, the security team 
>> checks for activity and can be pinged easily as they are cc'd in the initial 
>> report.
>> I vastly prefer this over a separate mailing list; if these benefits don't 
>> apply to security@f.a.o I'm -1 on this.
>> On 02/12/2019 02:28, Becket Qin wrote:
>>> Thanks for driving this, Dian.
>>> +1 from me, for the reasons I mentioned in the discussion thread.
>>> On Tue, Nov 26, 2019 at 12:08 PM Dian Fu <dian0511...@gmail.com> wrote:
>>>> NOTE: Only PMC votes is binding.
>>>> Thanks for sharing your thoughts. I also think that this doesn't fall into
>>>> any of the existing categories listed in the bylaws. Maybe we could do some
>>>> improvements for the bylaws.
>>>> This is not codebase change as Robert mentioned and it's related to how to
>>>> manage Flink's development in a good way. So, I agree with Robert and
>>>> Jincheng that this VOTE should only count PMC votes for now.
>>>> Thanks,
>>>> Dian
>>>>> 在 2019年11月26日,上午11:43,jincheng sun <sunjincheng...@gmail.com> 写道:
>>>>> I also think that we should only count PMC votes.
>>>>> This ML is to improve the security mechanism for Flink. Of course we
>>>> don't
>>>>> expect to use this
>>>>> ML often. I hope that it's perfect if this ML is never used. However, the
>>>>> Flink community is growing rapidly, it's better to
>>>>> make our security mechanism as convenient as possible. But I agree that
>>>>> this ML is not a must to have, it's nice to have.
>>>>> So, I give the vote as +1(binding).
>>>>> Best,
>>>>> Jincheng
>>>>> Robert Metzger <rmetz...@apache.org> 于2019年11月25日周一 下午9:45写道:
>>>>>> I agree that we are only counting PMC votes (because this decision goes
>>>>>> beyond the codebase)
>>>>>> I'm undecided what to vote :) I'm not against setting up a new mailing
>>>>>> list, but I also don't think the benefit (having a private list with
>>>> PMC +
>>>>>> committers) is enough to justify the work involved. As far as I
>>>> remember,
>>>>>> we have received 2 security issue notices, both basically about the same
>>>>>> issue.  I'll leave it to other PMC members to support this if they want
>>>> to
>>>>>> ...
>>>>>> On Mon, Nov 25, 2019 at 9:15 AM Dawid Wysakowicz <
>>>> dwysakow...@apache.org>
>>>>>> wrote:
>>>>>>> Hi all,
>>>>>>> What is the voting scheme for it? I am not sure if it falls into any of
>>>>>>> the categories we have listed in our bylaws. Are committers votes
>>>>>>> binding or just PMCs'? (Personally I think it should be PMCs') Is this
>>>> a
>>>>>>> binding vote or just an informational vote?
>>>>>>> Best,
>>>>>>> Dawid
>>>>>>> On 25/11/2019 07:34, jincheng sun wrote:
>>>>>>>> +1
>>>>>>>> Dian Fu <dian0511...@gmail.com> 于2019年11月21日周四 下午4:11写道:
>>>>>>>>> Hi all,
>>>>>>>>> According to our previous discussion in [1], I'd like to bring up a
>>>>>> vote
>>>>>>>>> to set up a secur...@flink.apache.org mailing list.
>>>>>>>>> The vote will be open for at least 72 hours (excluding weekend). I'll
>>>>>>> try
>>>>>>>>> to close it by 2019-11-26 18:00 UTC, unless there is an objection or
>>>>>> not
>>>>>>>>> enough votes.
>>>>>>>>> Regards,
>>>>>>>>> Dian
>>>>>>>>> [1]
>>>> http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/DISCUSS-Expose-or-setup-a-security-flink-apache-org-mailing-list-for-security-report-and-discussion-tt34950.html#a34951

Reply via email to