Hi all,

Thanks everyone for participating in this vote. As we have received only two +1 and there is also one -1 for this vote, according to the bylaws, I'm sorry to announce that this proposal was rejected.

Nevertheless, I think we can always restart the discussion in the future if we see more evidence that such a mailing list is necessary.

Thanks,
Dian

> On December 3, 2019, at 4:53 PM, Dian Fu <dian0511...@gmail.com> wrote:
>
> Actually I have tried to find out the reason why so many Apache projects
> choose to set up a project specific security mailing list in case that the
> general secur...@apache.org mailing list seems working well. Unfortunately,
> there are no open discussions in these projects and there is also no clear
> guideline/standard in the ASF site whether a project should set up such a
> mailing list (The project specific security mailing list seems to be only
> optional and we noticed that at the beginning of the discussion). This is
> also one of the main reasons we start such a discussion to see if somebody
> has more thoughts about this.
>
>> On December 2, 2019, at 6:03 PM, Chesnay Schepler <ches...@apache.org> wrote:
>>
>> Would security@f.a.o work as any other private ML?
>>
>> Contrary to what Becket said in the discussion thread, secur...@apache.org
>> is not just "another hop"; it provides guiding material, the security team
>> checks for activity and can be pinged easily as they are cc'd in the initial
>> report.
>>
>> I vastly prefer this over a separate mailing list; if these benefits don't
>> apply to security@f.a.o I'm -1 on this.
>>
>> On 02/12/2019 02:28, Becket Qin wrote:
>>> Thanks for driving this, Dian.
>>>
>>> +1 from me, for the reasons I mentioned in the discussion thread.
>>>
>>> On Tue, Nov 26, 2019 at 12:08 PM Dian Fu <dian0511...@gmail.com> wrote:
>>>
>>>> NOTE: Only PMC votes are binding.
>>>>
>>>> Thanks for sharing your thoughts. I also think that this doesn't fall into
>>>> any of the existing categories listed in the bylaws. Maybe we could do some
>>>> improvements for the bylaws.
>>>>
>>>> This is not codebase change as Robert mentioned and it's related to how to
>>>> manage Flink's development in a good way. So, I agree with Robert and
>>>> Jincheng that this VOTE should only count PMC votes for now.
>>>>
>>>> Thanks,
>>>> Dian
>>>>
>>>>> On November 26, 2019, at 11:43 AM, jincheng sun <sunjincheng...@gmail.com> wrote:
>>>>>
>>>>> I also think that we should only count PMC votes.
>>>>>
>>>>> This ML is to improve the security mechanism for Flink. Of course we don't
>>>>> expect to use this ML often. I hope that it's perfect if this ML is never
>>>>> used. However, the Flink community is growing rapidly, it's better to
>>>>> make our security mechanism as convenient as possible. But I agree that
>>>>> this ML is not a must to have, it's nice to have.
>>>>>
>>>>> So, I give the vote as +1(binding).
>>>>>
>>>>> Best,
>>>>> Jincheng
>>>>>
>>>>> Robert Metzger <rmetz...@apache.org> wrote on Mon, Nov 25, 2019 at 9:45 PM:
>>>>>
>>>>>> I agree that we are only counting PMC votes (because this decision goes
>>>>>> beyond the codebase)
>>>>>>
>>>>>> I'm undecided what to vote :) I'm not against setting up a new mailing
>>>>>> list, but I also don't think the benefit (having a private list with PMC +
>>>>>> committers) is enough to justify the work involved. As far as I remember,
>>>>>> we have received 2 security issue notices, both basically about the same
>>>>>> issue. I'll leave it to other PMC members to support this if they want to
>>>>>> ...
>>>>>>
>>>>>>
>>>>>> On Mon, Nov 25, 2019 at 9:15 AM Dawid Wysakowicz <dwysakow...@apache.org>
>>>>>> wrote:
>>>>>>
>>>>>>> Hi all,
>>>>>>>
>>>>>>> What is the voting scheme for it? I am not sure if it falls into any of
>>>>>>> the categories we have listed in our bylaws. Are committers' votes
>>>>>>> binding or just PMCs'? (Personally I think it should be PMCs') Is this a
>>>>>>> binding vote or just an informational vote?
>>>>>>>
>>>>>>> Best,
>>>>>>>
>>>>>>> Dawid
>>>>>>>
>>>>>>> On 25/11/2019 07:34, jincheng sun wrote:
>>>>>>>> +1
>>>>>>>>
>>>>>>>> Dian Fu <dian0511...@gmail.com> wrote on Thu, Nov 21, 2019 at 4:11 PM:
>>>>>>>>
>>>>>>>>> Hi all,
>>>>>>>>>
>>>>>>>>> According to our previous discussion in [1], I'd like to bring up a vote
>>>>>>>>> to set up a secur...@flink.apache.org mailing list.
>>>>>>>>>
>>>>>>>>> The vote will be open for at least 72 hours (excluding weekend). I'll try
>>>>>>>>> to close it by 2019-11-26 18:00 UTC, unless there is an objection or not
>>>>>>>>> enough votes.
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Dian
>>>>>>>>>
>>>>>>>>> [1] http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/DISCUSS-Expose-or-setup-a-security-flink-apache-org-mailing-list-for-security-report-and-discussion-tt34950.html#a34951