Mitchell Stoltz wrote

>! <p>The Mozilla security bug group will have a private mailing list,
>! [EMAIL PROTECTED],
>
Good.

>to which everyone in the security bug group will be subscribed. This
>! list will act as a forum for discussing group policy
>! and the addition of new members, as described below. In addition,
>! Mozilla.org will maintain a second well-known address,
>! [EMAIL PROTECTED], through which people not
>! on the security group can submit reports of security bugs. Mail
>! sent to this address will go to the security module owner and peers,
>! who will be responsible for posting the information received to a
>! security bug.</p>
>
Everybody on the security bug group should be able to subscribe to the 
security bug reports list.

The list should (maybe additionally) have the conventional alias 
<[EMAIL PROTECTED]>.

>! <p>A typical warning will mention the application or module
>! affected, the affected versions, and a workaround (e.g. disabling
>! JavaScript).
>
    * Description of bug
    * Maybe limiting factors
      (in case only certain user groups are affected, other groups can
      safely ignore it)

>If the group decides to publish a warning, the module owner,
>! a peer, or some other person they may designate will post this
>! message to the
>! <a href="http://www.mozilla.org/projects/security/KnownVulnerabilities.html";>
>! Known Vulnerabilities</a> page.
>
The mailing list is still missing. It is not reasonable to ask Mozilla 
contributors to reload the page twice a day or so.
