On 06/19/2017 03:35 PM, William A Rowe Jr wrote:
Not to announce@httpd? users@ and dev@ aren't particularly
broadcast channels.
[email protected] might be too wide an audience, but that's why
we document the CVE's with short notes in the foundation-wide
release announcement. At least, used to document them.
I was following Jim's lead on the first CVE announcement. I'm not
opposed to a [SECURITY] announcement for all five; just timid. :)
Any opposed to me copying all five to announce@httpd?
--Jacob
