Yep that’s why I said let’s use the already 2 mailing lists [email protected] and [email protected]
Let’s not create a 3rd - Carlos Santana @csantanapr > On Mar 21, 2019, at 8:54 AM, Matt Sicker <[email protected]> wrote: > > Security mailing lists should also be private and only accessible to PMC > members (and ASF members). > >> On Thu, Mar 21, 2019 at 04:03, Carlos Santana <[email protected]> wrote: >> >> That’s fine to have a page and security mailing list. >> >> Who is from the PPMC is going to monitor the security@ mailing list? >> >> I’m already subscribe to private@ >> >> I would not want sensitive topics and reports to be discuss in this >> security ML is people anyone is allowed to be subscribe. >> >> The ASF process still need to be followed anyway and any reports we would >> need to loop in [email protected] anyway >> >> I bet people would email by mistake [email protected] with >> sensitive data when they should have use [email protected] and also bet >> we will be explaining multiple time when to use each ML list. >> >> I we have such ML list I certainly will not be using it or subscribing and >> expect any serious reports and findings to find their way to private@ >> >> Is their are users that security questions on how to do something or >> someone sharing best practice for security they can certainly use the dev@ >> list we have today >> >> +1 to have a security page >> -1 to have yet another ML list [email protected] >> >> - Carlos Santana >> @csantanapr >> >>> On Mar 21, 2019, at 4:28 AM, Bertrand Delacretaz <[email protected]> >> wrote: >>> >>> Hi, >>> >>>> On Wed, Mar 20, 2019 at 10:43 PM Carlos Santana <[email protected]> >> wrote: >>>> For security reports, ASF already have a process let's not improvise.. >>> >>> Agreed but it's fine for projects to have their own security page, as >>> long as the ASF process is followed. >>> >>>> ... Reported should send email to [email protected] ... >>> >>> It's also ok for projects to have their own security@ list, see >>> https://sling.apache.org/project-information/security.html for an >>> example. >>> >>> -Bertrand >> > -- > Matt Sicker <[email protected]>
