I’ve been one of the initial committers/PMC members on Apache Sentry (a security-related project), where we decided to create a security@ mailing list immediately after inception. Our motivation was that private@ is limited only to PMC members by “definition”, whereas we might want to allow committers and other important contributors to sign up for security@. Yetus is not a security-related project, so I guess that using private@ for that might make sense. Anyway, I just wanted to share this piece of feedback :)
I (not being part of the PMC) am fine with not having committer/PMC discussions on dev@. I’m used to those discussions being on private@ from other projects :) Otherwise I like the open culture at ASF, so perhaps unless it’s somehow a sensitive topic it would make sense to discuss all in the open on dev@?

Jarcec

> On Sep 19, 2015, at 6:47 AM, Sean Busbey <[email protected]> wrote:
>
> Hi folks!
>
> We need to decide which topics of conversation require being limited to the
> PMC on private@yetus.
>
> * security vulnerability reports and handling (per foundation policy since
> we don't have security@)
>
> * I'd like any branding requests (like trademark use by third parties) to
> go to dev@ unless the sender needs special confidentiality
>
> * discussion and votes on new committers and PMC roles often go to private,
> but need not. If folks are interested, I can look for an example community
> that does this in public.
>
> What do folks think about the above? In particular, are there folks not
> currently on the PMC that can think of topics they'd like to participate in
> that might typically end up on private@?
>
> --
> Sean
