The biggest advantage is that email to secur...@tlp.apache.org is automatically forwarded to secur...@apache.org allowing them to track the issues.
It also allows the project to include committers who aren't PMC members on the list and makes it easier to search your email for the relevant problems. Thanks, Owen On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess <mattyb...@apache.org> wrote: > Alan, > > We have a separate security list on the NiFi PMC, and it is mostly for > opt-in and for localizing the archive so you can quickly search for > security stuff on the security list and not see it all show up on the > private list. There tends to be a decent amount of discussion around > security issues that can clutter the private list. Not making a > recommendation here, just sharing what I know :) > > Regards, > Matt > > > On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates <alanfga...@gmail.com> wrote: > > What's the benefit of having this separate from the private list? > > > > Alan. > > > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley <owen.omal...@gmail.com> > > wrote: > > > >> I'd like to move forward on this. Any comments? > >> > >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley <owen.omal...@gmail.com> > >> wrote: > >> > >> > All, > >> > I think as we add column encryption in ORC-14, we'll need to start > >> > handling security issues. I think it would be good to create a > security > >> > list and policy before we need it. > >> > > >> > Thoughts? > >> > > >> > .. Owen > >> > > >> >