In the future I recommend joining the Skype meeting that happens every two
weeks; it is a suitable public / open-to-all way to communicate that is not
immediately searchable.
The other avenue is via the OSGeo foundation, where we have Andrea as a
GeoServer project officer who can be contacted on sensitive issues. During
OSGeo incubation we are always sure to have a bit of this personal contact
as that process often turns up trademark or IP issues.
--
Jody
On Friday, May 9, 2014, Jonathan Moules <[email protected]>
wrote:
> Hi Andrea,
> I think I misconveyed my message.
> You have good points, but GeoServer is a fairly sizeable community, both
> of developers and users. The reason I tried to coax a discussion is because
> while there isn't a "GeoServer foundation" (like Mozilla/Apache/Linux etc),
> I wondered if maybe the core commercial contributors could work together on
> some sort of security scheme; they could point a developer to fix things on
> company time when it was warranted. It's in their best interests after all
> - if an application gets a reputation as being insecure then who's going to
> use it, free or otherwise? And if no-one wants to use it, the organisations
> reliant on it are a bit scuppered.
>
> I'm certainly *not* suggesting it's something that individual
> contributors must feel compelled to do in their spare time; quite the
> opposite, I'm trying to say that GeoServer would benefit from something
> more formal (hence originally referencing the PSC). Your example of a
> months-old XSS pull demonstrates that it's needed.
>
>
>> When I see people talking so casually about the open source developers
>> taking over this work in a timely fashion I would like to have them
>> spend some weekends with me as I go through bug reports and pull
>> requests instead of getting out and relaxing a bit...
>>
>
> I can assure you that I personally have a *lot* of respect and gratitude
> towards you as a result of your un-paid contributions to this community.
> I've said it before and I'll say it again: Thank you.
>
> (Oh, and my reference to "timely fashion" was because some vendors (i.e.
> the likes of Oracle, and co) have historically used "Responsible
> Disclosure" as a way to sit on bugs for many months; it was certainly not a
> dig at anyone here.)
>
> Cheers,
> Jonathan
>
>
>
>>
>> Cheers
>> Andrea
--
Jody Garnett
_______________________________________________
Geoserver-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/geoserver-users