Hi Sharan,

OK, no problem

Jacques


On 18/09/2017 at 10:15, Sharan Foga wrote:
Hi Jacques

I noted that you sent the original email on a Saturday and not everyone is available to respond over a weekend so would suggest that you wait at least another day for any feedback.

Thanks
Sharan

On 18/09/17 09:59, Jacques Le Roux wrote:
Actually, we follow https://www.apache.org/security/committers.html and are 
right to do so.

Since I got no answers I suppose it's a silent consensus and will do 2

Jacques


On 16/09/2017 at 11:50, Jacques Le Roux wrote:
Hi,

Maybe you have heard about Equifax and Apache Struts recently.
While following the story on the ASF members side I read some emails which made 
me think about our security issues diffusion strategy.

There are 2 things projects like HTTPD and Tomcat do:

1. They amend the commits that fixed the issue by adding the CVE reference in 
the comment
2. Tomcat also includes a link/s to the commit/s that fixed the issue on their 
security page.

We already do 1 (at least I found some commit logs amended) but should we not 
also do 2 at https://ofbiz.apache.org/download.html ?

Jacques





