I would also like to help in this endeavor... -Donald
Kresten Krab Thorup (Trifork) wrote:
I'd be happy to be part of this also. Kresten Krab Thorup [EMAIL PROTECTED] On Nov 19, 2005, at 5:19 AM, Aaron Mulder wrote:All, I'd really like to have a group of interested and available people to review security-related changes to Geronimo. And by this I mean, features dealing with SSL, security realms, storing files with passwords, showing passwords in the console, establishing procedures for "locking down the server", reviewing vulnerability reports, etc. I don't really mean nitty gritty details of JACC or conducting a comprehensive security audit of the entire codebase. What would people think of that, and are there any volunteers? I should also note that I expect some vulnerabilities to be reported to the PMC rather than to the public list, but I think a lot can be done outside the PMC as well (or maybe I should exclude reviewing vulnerability reports from what I'm talking about, I don't know if there's a policy there). Thanks, Aaron
smime.p7s
Description: S/MIME Cryptographic Signature
