On Wed, Mar 19, 2008 at 4:52 AM, Nick Lothian <[EMAIL PROTECTED]> wrote:
> I've got a bug report and a patch for security issue. I'm reluctant to > disclose the problem on this list (at least until a roller expert can > evaluate the impact). > > What's the best way to handle this? AIUI in general, each PMC is suppose to have a security sub-committee but in practice this often has to wait until the first time it's needed. if the roller PMC needs some advice then there's the apache security committee should be the first port of call. - robert
