Related to recent discussion about various CVEs filed against Jackson
(and fixed, released), I think there is need for specific forum for
discussing security issues related to Jackson.
Since existing mailing groups are fully archived and open to anyone
(although I do have moderation rights to prevent outright spamming),
and since these discussions can be quite specific, it seems like there
is need for separate group or list or something.
At the same time, I don't want to:
1. Further fragment discussions, or
2. Have yet another place where I post majority of responses and comments
So I thought I should gauge if there is actual interest in having a
discussion forum that would be dedicated for things like
- Asking questions about potential security problems, handling of
- Initial reports, suggestions of possible issues, without publishing
potentially sensitive information
- Coordination of work like fixes (how, who, when), as well as
publishing of artifacts and information, and perhaps on how to file,
update CVE information
Now: although you are free to respond here, I think most useful for me
would be off-the-list emails to `tatu` (or `info`) at fasterxml dot
com, indicating your interest and ideally also project(s) you are
involved in (or company you work for), relevant for Jackson security
work. This mostly because I would be interested in knowing which
frameworks / companies see this as an important area of work, and to
see how wide coverage we might get (I have some numbers to suggest how
Jackson is used, via platforms).
I am also open to suggestions for different kinds of forums, with just
one limitation: I am looking for asynchronous communication, not an
interactive chat room (or similar), for this particular purpose.
-+ Tatu +-
You received this message because you are subscribed to the Google Groups
To unsubscribe from this group and stop receiving emails from it, send an email
To post to this group, send email to firstname.lastname@example.org.
For more options, visit https://groups.google.com/d/optout.