Hi Andrea,
I think I misconveyed my message.
You have good points, but GeoServer is a fairly sizeable community, both
of developers and users. The reason I tried to coax a discussion is because
while there isn't a "GeoServer foundation" (like Mozilla/Apache/Linux etc),
I wondered if maybe the core commercial contributors could work together on
some sort of security scheme; they could point a developer to fix things on
company time when it was warranted. It's in their best interests after all
- if an application gets a reputation as being insecure then who's going to
use it, free or otherwise? And if no-one wants to use it, the organisations
reliant on it are a bit scuppered.
I'm certainly *not* suggesting it's something that individual contributors
must feel compelled to do in their spare time; quite the opposite, I'm
trying to say that GeoServer would benefit from something more formal
(hence originally referencing the PSC). Your example of a months-old XSS
pull demonstrates that it's needed.
> When I see people talking so casually about the open source developers
> taking over this work in a timely fashion I would like to have them spend
> some weekends with me as I go through bug reports and pull requests
> instead of getting out and relaxing a bit...
>
I can assure you that I personally have a *lot* of respect and gratitude
towards you as a result of your unpaid contributions to this community.
I've said it before and I'll say it again: Thank you.
(Oh, and my reference to "timely fashion" was because some vendors (i.e.
the likes of Oracle, and co) have historically used "Responsible
Disclosure" as a way to sit on bugs for many months; it was certainly not a
dig at anyone here.)
Cheers,
Jonathan
>
> Cheers
> Andrea
>
> Ing. Andrea Aime
> @geowolf
> Technical Lead
>
> GeoSolutions S.A.S.
> Via Poggio alle Viti 1187
> 55054 Massarosa (LU)
> Italy
> phone: +39 0584 962313
> fax: +39 0584 1660272
> mob: +39 339 8844549
>
> http://www.geo-solutions.it
> http://twitter.com/geosolutions_it
>
_______________________________________________
Geoserver-users mailing list
https://lists.sourceforge.net/lists/listinfo/geoserver-users