Haha, I went to submit the form and found that the mailing list already exists. Owen requested it at the beginning with all the others.
On Thu, Jun 9, 2016 at 8:51 AM, Billie Rinaldi <[email protected]> wrote: > Done. > > > On Thu, Jun 9, 2016 at 8:01 AM, Casey Stella <[email protected]> wrote: > >> So, evidently this is something only mentors or people from the Incubator >> PMC can do. >> Will one of the mentors please request this for us @ >> https://infra.apache.org/officers/mlreq/incubator >> ? >> >> Thanks, >> >> Casey >> >> On Thu, Jun 9, 2016 at 10:35 AM, Casey Stella <[email protected]> wrote: >> >> > I filed a infra ticket for this: >> > https://issues.apache.org/jira/browse/INFRA-12071 >> > >> > >> > On Thu, Jun 9, 2016 at 9:43 AM, Michael Miklavcic < >> > [email protected]> wrote: >> > >> >> Hi all, >> >> >> >> Motion to create a [email protected] mailing list ( >> >> http://apache.org/dev/committers.html#mail) >> >> >> >> Best, >> >> Michael Miklavcic >> >> >> >> >> >> On Thu, Jun 2, 2016 at 1:30 PM, Owen O'Malley <[email protected]> >> wrote: >> >> >> >> > I'd also recommend that you create a >> >> [email protected] >> >> > for users to report any security issues they discover. >> >> > >> >> > .. Owen >> >> > >> >> > On Thu, Jun 2, 2016 at 10:28 AM, Casey Stella <[email protected]> >> >> wrote: >> >> > >> >> > > Sorry, it's deleted now. We will be more careful in the future. >> >> > > >> >> > > Thanks for the vigilance, Larry. >> >> > > >> >> > > Casey >> >> > > >> >> > > On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <[email protected]> >> >> wrote: >> >> > > >> >> > > > All - >> >> > > > >> >> > > > Please become familiar with of the Apache process for reporting, >> >> > > > discussing, filing JIRAs and fixing security vulnerabilities [1]. >> >> > > > >> >> > > > METRON-198 has exposed more than we should in a public manner and >> >> the >> >> > > > attached report should be removed. >> >> > > > >> >> > > > Details of any particular issues should only be discussed on a >> >> > project's >> >> > > > security or private list and it needs to also include the >> >> [email protected] >> >> > > > list. >> >> > > > >> >> > > > Fixes need to be discussed and agreed upon on the private list >> and >> >> > JIRAs >> >> > > > filed to commit the fix should be vague and as general as >> possible >> >> - so >> >> > > as >> >> > > > not to disclose the details of the vulnerabilities and inform the >> >> > > > development of exploits. >> >> > > > >> >> > > > Also, pay attention to the CVE related aspects of the process in >> the >> >> > page >> >> > > > referenced below. >> >> > > > >> >> > > > thanks, >> >> > > > >> >> > > > --larry >> >> > > > >> >> > > > 1. http://www.apache.org/security/committers.html >> >> > > > >> >> > > >> >> > >> >> >> > >> > >> > >
