I guess we need at least a separate list to grant access to non OFBiz-PMC/ASF
members
Jacques
Le 25/07/2016 à 06:38, Scott Gray a écrit :
Do we actually need a separate mailing list, or should it just forward to
private@?
Regards
Scott
On 25 July 2016 at 15:58, Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:
+1
--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997
On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:
Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.
Please vote,
+1
to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to
resolve
security issues; the list of subscribers will be approved by the OFBiz
PMC.
Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.
[*] http://www.apache.org/security/
