I'd agree with Jarcec on this. I am not on the PMC and don't particularly see a need based on what I've seen, for something other than private@
On Sat, Sep 19, 2015 at 8:10 AM, Jarek Jarcec Cecho <[email protected]> wrote: > I’ve been one of the initial committers/PMC members on Apache Sentry > (security related project) where we’ve decided to create security@ > mailing list immediately after inception. Our motivation was that private@ > is limited only to PMC members by “definition" whereas we might want to > allow committers and other important contributors to sign up for security@. > Yetus is not a security related project, so I guess that using private@ > for that might make sense. Anyway, I just wanted to share this piece of > feedback :) > > I (not being part of PMC)’m fine with not having committer/PMC discussions > on dev@. I’m used to those discussion being on private@ from other > projects :) Otherwise I like the open culture at ASF, so perhaps unless > it’s somehow sensitive topic it would make sense to discuss all in the open > on dev@? > > Jarcec > > > On Sep 19, 2015, at 6:47 AM, Sean Busbey <[email protected]> wrote: > > > > Hi folks! > > > > We need to decide which topics of conversation require being limited to > the > > PMC on private@yetus. > > > > * security vulnerability reports and handling (per foundation policy > since > > we don't have security@) > > > > * I'd like any branding requests (like trademark use by third parties) to > > go to dev@ unless the sender needs special confidentiality > > > > * discussion and votes on new committers and PMC roles often go to > private, > > but need not. If folks are interested, I can look for an example > community > > that does this in public. > > > > What do folks think about the above? In particular, are there folks not > > currently on the PMC that can think of topics they'd like to participate > in > > that might typically and up on private@? > > > > -- > > Sean > >
