Monday, January 23, 2017, 8:45:14 AM, Jacopo Cappellato wrote: > On Sun, Jan 22, 2017 at 6:10 PM, Daniel Dekany <[email protected]> wrote: > >> >> Thanks! But, do all PMC members get a notification if there's a mail >> waiting for moderation at [email protected]? Does somebody know >> that (or else I will try it)? >> > > Only the mailing list moderators will receive the message and I am not sure > who they are currently. I think I am (I think I have received some > "moderator" email from private@freemarker) and you should too. > We should ask Infra about the list of moderators for our three lists and > also ask them to update it with the people that are volunteering for this > task. > And we can also ask infra to setup a security@freemarker list. > But we could also proceed with the above two steps right after a successful > graduation when FreeMarker will be a full-fledged top level project. > What do you think?
I have just went ahead and published what you have written on the site (with some minor edits). The related pages: http://freemarker.org/report-security-vulnerabilities.html And I have also added this: http://freemarker.org/committer-howto.html#handle-security-vulnerabilities I have also updated the wiki page to to refer to these under QU30, and set its status to YES. Of course, we can refine this later if there's a need. > Jacopo -- Thanks, Daniel Dekany
