Le 24/07/2016 à 14:55, Jacques Le Roux a écrit :
Yes Michael.
+1 for me also for the security list
I noted that this will allow your contact info to be published here:
https://www.apache.org/security/projects.html
Typo, it's : our contact info
Jacques
Thanks
Jacques
Le 24/07/2016 à 14:43, Michael Brohl a écrit :
+1
The "private" mailing list is only for PMC members of the project?
Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de
Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:
Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.
Please vote,
+1
to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.
Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.
[*] http://www.apache.org/security/
