+1 -David
> On 24 Jul 2016, at 05:32, Jacopo Cappellato > <[email protected]> wrote: > > Rationale: every ASF project needs a private list to discuss product > vulnerabilities; for OFBiz the "private" list has been used for this > purpose until now; however an ad-hoc list may be useful because it could > provide a more focused space to discuss the security issues and could > provide more flexibility to invite in the private list persons willing to > help that are trusted by the PMC. > > Please vote, > > +1 > > to create a "security" list (i.e. [email protected]) and move all > the security related discussions and notifications currently happening on > the private list to this new list: according to the ASF policies [*] the > list will be a private list used by the persons willing to help to resolve > security issues; the list of subscribers will be approved by the OFBiz PMC. > > Otherwise vote -1 to continue to use the "private" mailing list for > vulnerability handling. > > [*] http://www.apache.org/security/
