So, evidently this is something only mentors or people from the Incubator PMC can do. Will one of the mentors please request this for us @ https://infra.apache.org/officers/mlreq/incubator ?
Thanks, Casey On Thu, Jun 9, 2016 at 10:35 AM, Casey Stella <[email protected]> wrote: > I filed a infra ticket for this: > https://issues.apache.org/jira/browse/INFRA-12071 > > > On Thu, Jun 9, 2016 at 9:43 AM, Michael Miklavcic < > [email protected]> wrote: > >> Hi all, >> >> Motion to create a [email protected] mailing list ( >> http://apache.org/dev/committers.html#mail) >> >> Best, >> Michael Miklavcic >> >> >> On Thu, Jun 2, 2016 at 1:30 PM, Owen O'Malley <[email protected]> wrote: >> >> > I'd also recommend that you create a >> [email protected] >> > for users to report any security issues they discover. >> > >> > .. Owen >> > >> > On Thu, Jun 2, 2016 at 10:28 AM, Casey Stella <[email protected]> >> wrote: >> > >> > > Sorry, it's deleted now. We will be more careful in the future. >> > > >> > > Thanks for the vigilance, Larry. >> > > >> > > Casey >> > > >> > > On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <[email protected]> >> wrote: >> > > >> > > > All - >> > > > >> > > > Please become familiar with of the Apache process for reporting, >> > > > discussing, filing JIRAs and fixing security vulnerabilities [1]. >> > > > >> > > > METRON-198 has exposed more than we should in a public manner and >> the >> > > > attached report should be removed. >> > > > >> > > > Details of any particular issues should only be discussed on a >> > project's >> > > > security or private list and it needs to also include the >> [email protected] >> > > > list. >> > > > >> > > > Fixes need to be discussed and agreed upon on the private list and >> > JIRAs >> > > > filed to commit the fix should be vague and as general as possible >> - so >> > > as >> > > > not to disclose the details of the vulnerabilities and inform the >> > > > development of exploits. >> > > > >> > > > Also, pay attention to the CVE related aspects of the process in the >> > page >> > > > referenced below. >> > > > >> > > > thanks, >> > > > >> > > > --larry >> > > > >> > > > 1. http://www.apache.org/security/committers.html >> > > > >> > > >> > >> > >
