+1 Thanks & Regards -- Deepak Dixit www.hotwaxsystems.com
On Mon, Jul 25, 2016 at 10:08 AM, Scott Gray <scott.g...@hotwaxsystems.com> wrote: > Do we actually need a separate mailing list, or should it just forward to > private@? > > Regards > Scott > > On 25 July 2016 at 15:58, Ashish Vijaywargiya < > ashish.vijaywarg...@hotwaxsystems.com> wrote: > > > +1 > > > > -- > > Kind Regards > > Ashish Vijaywargiya > > HotWax Systems - est. 1997 > > > > > > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato < > > jacopo.cappell...@hotwaxsystems.com> wrote: > > > > > Rationale: every ASF project needs a private list to discuss product > > > vulnerabilities; for OFBiz the "private" list has been used for this > > > purpose until now; however an ad-hoc list may be useful because it > could > > > provide a more focused space to discuss the security issues and could > > > provide more flexibility to invite in the private list persons willing > to > > > help that are trusted by the PMC. > > > > > > Please vote, > > > > > > +1 > > > > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move > > all > > > the security related discussions and notifications currently happening > on > > > the private list to this new list: according to the ASF policies [*] > the > > > list will be a private list used by the persons willing to help to > > resolve > > > security issues; the list of subscribers will be approved by the OFBiz > > PMC. > > > > > > Otherwise vote -1 to continue to use the "private" mailing list for > > > vulnerability handling. > > > > > > [*] http://www.apache.org/security/ > > > > > >