​Makes sense.  +1 to adding a security list, especially since it ties in
with secur...@apache.org.

Alan.​

On Wed, Apr 11, 2018 at 7:40 AM, Owen O'Malley <owen.omal...@gmail.com>
wrote:

> The biggest advantage is that email to secur...@tlp.apache.org is
> automatically forwarded to secur...@apache.org allowing them to track the
> issues.
>
> It also allows the project to include committers who aren't PMC members on
> the list and makes it easier to search your email for the relevant
> problems.
>
> Thanks,
>    Owen
>
> On Tue, Apr 10, 2018 at 1:56 PM, Matt Burgess <mattyb...@apache.org>
> wrote:
>
> > Alan,
> >
> > We have a separate security list on the NiFi PMC, and it is mostly for
> > opt-in and for localizing the archive so you can quickly search for
> > security stuff on the security list and not see it all show up on the
> > private list. There tends to be a decent amount of discussion around
> > security issues that can clutter the private list. Not making a
> > recommendation here, just sharing what I know :)
> >
> > Regards,
> > Matt
> >
> >
> > On Tue, Apr 10, 2018 at 4:01 PM, Alan Gates <alanfga...@gmail.com>
> wrote:
> > > What's the benefit of having this separate from the private list?
> > >
> > > Alan.
> > >
> > > On Tue, Apr 10, 2018 at 11:15 AM, Owen O'Malley <
> owen.omal...@gmail.com>
> > > wrote:
> > >
> > >> I'd like to move forward on this. Any comments?
> > >>
> > >> On Fri, Dec 1, 2017 at 1:40 PM, Owen O'Malley <owen.omal...@gmail.com
> >
> > >> wrote:
> > >>
> > >> > All,
> > >> >    I think as we add column encryption in ORC-14, we'll need to
> start
> > >> > handling security issues. I think it would be good to create a
> > security
> > >> > list and policy before we need it.
> > >> >
> > >> > Thoughts?
> > >> >
> > >> > .. Owen
> > >> >
> > >>
> >
>

Reply via email to