Hi,

Dirk-Willem van Gulik wrote on 2011-10-06 14:14:
> Furthermore - there is nothing stopping you from having a knownsecurity@ group more focused on security - and having this as your first (more public) port of call.

for years, there has been security@ooo. That group knows each other very well, has been working together in trust for many years, and not only I proposed here on this list to continue working the way it was before, since security is an area where we can work together closely apart from any "political" issues.
However, I was told several times, that this is not desired, and things are different at Apache. So be it, I am not wasting my time anymore explaining over and over again why my proposal would have been the best solution. Believe me, or tell me a dozen times things are different, it's your choice.
In the current case, however, as I understood it, Apache representatives have been made aware of the security issue. When and how Apache is able to ship a fixed binary, and whether this is needed, is out of my scope.
Florian

--
Florian Effenberger <[email protected]>
Steering Committee and Founding Member of The Document Foundation
Tel: +49 8341 99660880 | Mobile: +49 151 14424108
Skype: floeff | Twitter/Identi.ca: @floeff
