+1 good idea On Jul 24, 2016 3:56 PM, "Jacques Le Roux" <[email protected]> wrote:
Le 24/07/2016 à 14:55, Jacques Le Roux a écrit : > Yes Michael. > > +1 for me also for the security list > > I noted that this will allow your contact info to be published here: > https://www.apache.org/security/projects.html > Typo, it's : our contact info Jacques > Thanks > > Jacques > > > Le 24/07/2016 à 14:43, Michael Brohl a écrit : > >> +1 >> >> The "private" mailing list is only for PMC members of the project? >> >> Regards, >> Michael Brohl >> ecomify GmbH >> www.ecomify.de >> >> >> Am 24.07.16 um 14:32 schrieb Jacopo Cappellato: >> >>> Rationale: every ASF project needs a private list to discuss product >>> vulnerabilities; for OFBiz the "private" list has been used for this >>> purpose until now; however an ad-hoc list may be useful because it could >>> provide a more focused space to discuss the security issues and could >>> provide more flexibility to invite in the private list persons willing to >>> help that are trusted by the PMC. >>> >>> Please vote, >>> >>> +1 >>> >>> to create a "security" list (i.e. [email protected]) and move >>> all >>> the security related discussions and notifications currently happening on >>> the private list to this new list: according to the ASF policies [*] the >>> list will be a private list used by the persons willing to help to >>> resolve >>> security issues; the list of subscribers will be approved by the OFBiz >>> PMC. >>> >>> Otherwise vote -1 to continue to use the "private" mailing list for >>> vulnerability handling. >>> >>> [*] http://www.apache.org/security/ >>> >>> >> >> > >
