In some ways, the larger the security group, the quicker the solution rate. Security patched will need to be checked before they are committed, so the issue fixed doesn't break 3 other parts of the code.
On Wed, Jul 6, 2011 at 6:54 PM, Daniel Shahaf <d...@daniel.shahaf.name>wrote: > Dennis E. Hamilton wrote on Wed, Jul 06, 2011 at 12:02:31 -0700: > > I've learned that the Apache approach is for each PMC taking the lead > > in handling security matters related to its releases. To maintain the > > security of security matters, the practice is to have a private list > > (for us, ooo-security) with not more than ten security-aware > > subscribers. > > I've never heard of a magic number cap to the # of subscribers of > a mailing list. > -- This Apt Has Super Cow Powers - http://sourcefreedom.com