Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

Jacopo

On Sun, Jul 24, 2016 at 2:32 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

Thanks & Regards
---
Arun Patidar
Manager, Enterprise Software Development
HotWax Systems
www.hotwaxsystems.com

On Sunday 24 July 2016 06:02 PM, Jacopo Cappellato wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

Thanks & Regards

On Tue, Jul 26, 2016 at 5:53 AM, Scott Gray wrote:

> Thanks for confirming Jacopo, +1 from me
>
> On 26/07/2016 00:32, "Jacopo Cappellato" <jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Correct!
> > A project can ask for the creation of the security list and the PMC may
> > invite non-PMC members.
> >
> > Jacopo
> >
> > On Mon, Jul 25, 2016 at 12:06 PM, Scott Gray <scott.g...@hotwaxsystems.com> wrote:
> >
> > > Ok I had a read of http://www.apache.org/security/committers.html and I see
> > > how it works. Looks like PMC is the default alternative "security team"
> > > when a security list doesn't exist.
> > >
> > > On 25 July 2016 at 21:31, gregory draperi wrote:
> > >
> > > > On my side I voted +1 as I think it would be easier for me to follow
> > > > security topics with a dedicated list.
> > > > Furthermore, I don't need to be added to the private list as I don't
> > > > need/want to be part of strategy or main orientations discussions for
> > > > Ofbiz.
> > > >
> > > > 2016-07-25 11:27 GMT+02:00 Scott Gray:
> > > >
> > > > > Why would we do that? Security concerns are the responsibility of the PMC
> > > > > and supposed to be kept confidential until resolved aren't they?
> > > > >
> > > > > On 25 July 2016 at 20:31, Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:
> > > > >
> > > > > > I guess we need at least a separate list to grant access to non
> > > > > > OFBiz-PMC/ASF members
> > > > > >
> > > > > > Jacques
> > > > > >
> > > > > > On 25/07/2016 at 06:38, Scott Gray wrote:
> > > > > >
> > > > > > > Do we actually need a separate mailing list, or should it just forward to
> > > > > > > private@?
> > > > > > >
> > > > > > > Regards
> > > > > > > Scott
> > > > > > >
> > > > > > > On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > > > > > >
> > > > > > > > +1
> > > > > > > >
> > > > > > > > --
> > > > > > > > Kind Regards
> > > > > > > > Ashish Vijaywargiya
> > > > > > > > HotWax Systems - est. 1997
> > > > > > > >
> > > > > > > > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> > > > > > > >
> > > > > > > > > Rationale: every ASF project needs a private list to discuss product
> > > > > > > > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > > > > > > > purpose until now; however an ad-hoc list may be useful because it could
> > > > > > > > > provide a more focused space to discuss the security issues and could
> > > > > > > > > provide more flexibility to invite in the private list persons willing to
> > > > > > > > > help that are trusted by the PMC.
> > > > > > > > >
> > > > > > > > > Please vote,
> > > > > > > > >
> > > > > > > > > +1
> > > > > > > > >
> > > > > > > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > > > > > > > the security related discussions and notifications currently happening on
> > > > > > > > > the private list to this new list: according to the ASF policies [*] the
> > > > > > > > > list will be a private list used by the persons willing to help to resolve
> > > > > > > > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > > > > > > > >
> > > > > > > > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > > > > > > > vulnerability handling.
> > > > > > > > >
> > > > > > > > > [*] http://www.apache.org/security/
> > > >
> > > > --
> > > > Grégory Draperi

--
*THANG NGUYEN (Mr)*
*OLBIUS DEVELOPER*
*Email:* nguyenthang0...@gmail.com | *Mobile:* (+84) 1674636641
*OLBIUS., JSC*
*Tel:* (+84) 9 88 99
*Address:* 25th Fl., No 91, Nguyen Chi Thanh St., Ha Noi City, VietNam
*Website:* http://olbius.com
Re: [VOTE] Create the "security" mailing list for the OFBiz project
Thanks for confirming Jacopo, +1 from me

On 26/07/2016 00:32, "Jacopo Cappellato" <jacopo.cappell...@hotwaxsystems.com> wrote:

> Correct!
> A project can ask for the creation of the security list and the PMC may
> invite non-PMC members.
>
> Jacopo
>
> On Mon, Jul 25, 2016 at 12:06 PM, Scott Gray wrote:
>
> > Ok I had a read of http://www.apache.org/security/committers.html and I see
> > how it works. Looks like PMC is the default alternative "security team"
> > when a security list doesn't exist.
> >
> > On 25 July 2016 at 21:31, gregory draperi wrote:
> >
> > > On my side I voted +1 as I think it would be easier for me to follow
> > > security topics with a dedicated list.
> > > Furthermore, I don't need to be added to the private list as I don't
> > > need/want to be part of strategy or main orientations discussions for
> > > Ofbiz.
> > >
> > > 2016-07-25 11:27 GMT+02:00 Scott Gray:
> > >
> > > > Why would we do that? Security concerns are the responsibility of the PMC
> > > > and supposed to be kept confidential until resolved aren't they?
> > > >
> > > > On 25 July 2016 at 20:31, Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:
> > > >
> > > > > I guess we need at least a separate list to grant access to non
> > > > > OFBiz-PMC/ASF members
> > > > >
> > > > > Jacques
> > > > >
> > > > > On 25/07/2016 at 06:38, Scott Gray wrote:
> > > > >
> > > > > > Do we actually need a separate mailing list, or should it just forward to
> > > > > > private@?
> > > > > >
> > > > > > Regards
> > > > > > Scott
> > > > > >
> > > > > > On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > > > > >
> > > > > > > +1
> > > > > > >
> > > > > > > --
> > > > > > > Kind Regards
> > > > > > > Ashish Vijaywargiya
> > > > > > > HotWax Systems - est. 1997
> > > > > > >
> > > > > > > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> > > > > > >
> > > > > > > > Rationale: every ASF project needs a private list to discuss product
> > > > > > > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > > > > > > purpose until now; however an ad-hoc list may be useful because it could
> > > > > > > > provide a more focused space to discuss the security issues and could
> > > > > > > > provide more flexibility to invite in the private list persons willing to
> > > > > > > > help that are trusted by the PMC.
> > > > > > > >
> > > > > > > > Please vote,
> > > > > > > >
> > > > > > > > +1
> > > > > > > >
> > > > > > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > > > > > > the security related discussions and notifications currently happening on
> > > > > > > > the private list to this new list: according to the ASF policies [*] the
> > > > > > > > list will be a private list used by the persons willing to help to resolve
> > > > > > > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > > > > > > >
> > > > > > > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > > > > > > vulnerability handling.
> > > > > > > >
> > > > > > > > [*] http://www.apache.org/security/
> > >
> > > --
> > > Grégory Draperi
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

-David

> On 24 Jul 2016, at 05:32, Jacopo Cappellato wrote:
>
> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
Correct!
A project can ask for the creation of the security list and the PMC may
invite non-PMC members.

Jacopo

On Mon, Jul 25, 2016 at 12:06 PM, Scott Gray wrote:

> Ok I had a read of http://www.apache.org/security/committers.html and I see
> how it works. Looks like PMC is the default alternative "security team"
> when a security list doesn't exist.
>
> On 25 July 2016 at 21:31, gregory draperi wrote:
>
> > On my side I voted +1 as I think it would be easier for me to follow
> > security topics with a dedicated list.
> > Furthermore, I don't need to be added to the private list as I don't
> > need/want to be part of strategy or main orientations discussions for
> > Ofbiz.
> >
> > 2016-07-25 11:27 GMT+02:00 Scott Gray:
> >
> > > Why would we do that? Security concerns are the responsibility of the PMC
> > > and supposed to be kept confidential until resolved aren't they?
> > >
> > > On 25 July 2016 at 20:31, Jacques Le Roux <jacques.le.r...@les7arts.com> wrote:
> > >
> > > > I guess we need at least a separate list to grant access to non
> > > > OFBiz-PMC/ASF members
> > > >
> > > > Jacques
> > > >
> > > > On 25/07/2016 at 06:38, Scott Gray wrote:
> > > >
> > > > > Do we actually need a separate mailing list, or should it just forward to
> > > > > private@?
> > > > >
> > > > > Regards
> > > > > Scott
> > > > >
> > > > > On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > > > >
> > > > > > +1
> > > > > >
> > > > > > --
> > > > > > Kind Regards
> > > > > > Ashish Vijaywargiya
> > > > > > HotWax Systems - est. 1997
> > > > > >
> > > > > > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> > > > > >
> > > > > > > Rationale: every ASF project needs a private list to discuss product
> > > > > > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > > > > > purpose until now; however an ad-hoc list may be useful because it could
> > > > > > > provide a more focused space to discuss the security issues and could
> > > > > > > provide more flexibility to invite in the private list persons willing to
> > > > > > > help that are trusted by the PMC.
> > > > > > >
> > > > > > > Please vote,
> > > > > > >
> > > > > > > +1
> > > > > > >
> > > > > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > > > > > the security related discussions and notifications currently happening on
> > > > > > > the private list to this new list: according to the ASF policies [*] the
> > > > > > > list will be a private list used by the persons willing to help to resolve
> > > > > > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > > > > > >
> > > > > > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > > > > > vulnerability handling.
> > > > > > >
> > > > > > > [*] http://www.apache.org/security/
> >
> > --
> > Grégory Draperi
Re: [VOTE] Create the "security" mailing list for the OFBiz project
Ok I had a read of http://www.apache.org/security/committers.html and I see
how it works. Looks like PMC is the default alternative "security team"
when a security list doesn't exist.

On 25 July 2016 at 21:31, gregory draperi wrote:

> On my side I voted +1 as I think it would be easier for me to follow
> security topics with a dedicated list.
> Furthermore, I don't need to be added to the private list as I don't
> need/want to be part of strategy or main orientations discussions for
> Ofbiz.
>
> 2016-07-25 11:27 GMT+02:00 Scott Gray:
>
> > Why would we do that? Security concerns are the responsibility of the PMC
> > and supposed to be kept confidential until resolved aren't they?
> >
> > On 25 July 2016 at 20:31, Jacques Le Roux wrote:
> >
> > > I guess we need at least a separate list to grant access to non
> > > OFBiz-PMC/ASF members
> > >
> > > Jacques
> > >
> > > On 25/07/2016 at 06:38, Scott Gray wrote:
> > >
> > > > Do we actually need a separate mailing list, or should it just forward to
> > > > private@?
> > > >
> > > > Regards
> > > > Scott
> > > >
> > > > On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > > >
> > > > > +1
> > > > >
> > > > > --
> > > > > Kind Regards
> > > > > Ashish Vijaywargiya
> > > > > HotWax Systems - est. 1997
> > > > >
> > > > > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> > > > >
> > > > > > Rationale: every ASF project needs a private list to discuss product
> > > > > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > > > > purpose until now; however an ad-hoc list may be useful because it could
> > > > > > provide a more focused space to discuss the security issues and could
> > > > > > provide more flexibility to invite in the private list persons willing to
> > > > > > help that are trusted by the PMC.
> > > > > >
> > > > > > Please vote,
> > > > > >
> > > > > > +1
> > > > > >
> > > > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > > > > the security related discussions and notifications currently happening on
> > > > > > the private list to this new list: according to the ASF policies [*] the
> > > > > > list will be a private list used by the persons willing to help to resolve
> > > > > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > > > > >
> > > > > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > > > > vulnerability handling.
> > > > > >
> > > > > > [*] http://www.apache.org/security/
>
> --
> Grégory Draperi
Re: [VOTE] Create the "security" mailing list for the OFBiz project
On my side I voted +1 as I think it would be easier for me to follow
security topics with a dedicated list.
Furthermore, I don't need to be added to the private list as I don't
need/want to be part of strategy or main orientations discussions for
Ofbiz.

2016-07-25 11:27 GMT+02:00 Scott Gray:

> Why would we do that? Security concerns are the responsibility of the PMC
> and supposed to be kept confidential until resolved aren't they?
>
> On 25 July 2016 at 20:31, Jacques Le Roux wrote:
>
> > I guess we need at least a separate list to grant access to non
> > OFBiz-PMC/ASF members
> >
> > Jacques
> >
> > On 25/07/2016 at 06:38, Scott Gray wrote:
> >
> > > Do we actually need a separate mailing list, or should it just forward to
> > > private@?
> > >
> > > Regards
> > > Scott
> > >
> > > On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > >
> > > > +1
> > > >
> > > > --
> > > > Kind Regards
> > > > Ashish Vijaywargiya
> > > > HotWax Systems - est. 1997
> > > >
> > > > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> > > >
> > > > > Rationale: every ASF project needs a private list to discuss product
> > > > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > > > purpose until now; however an ad-hoc list may be useful because it could
> > > > > provide a more focused space to discuss the security issues and could
> > > > > provide more flexibility to invite in the private list persons willing to
> > > > > help that are trusted by the PMC.
> > > > >
> > > > > Please vote,
> > > > >
> > > > > +1
> > > > >
> > > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > > > the security related discussions and notifications currently happening on
> > > > > the private list to this new list: according to the ASF policies [*] the
> > > > > list will be a private list used by the persons willing to help to resolve
> > > > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > > > >
> > > > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > > > vulnerability handling.
> > > > >
> > > > > [*] http://www.apache.org/security/

--
Grégory Draperi
Re: [VOTE] Create the "security" mailing list for the OFBiz project
Why would we do that? Security concerns are the responsibility of the PMC
and supposed to be kept confidential until resolved aren't they?

On 25 July 2016 at 20:31, Jacques Le Roux wrote:

> I guess we need at least a separate list to grant access to non
> OFBiz-PMC/ASF members
>
> Jacques
>
> On 25/07/2016 at 06:38, Scott Gray wrote:
>
> > Do we actually need a separate mailing list, or should it just forward to
> > private@?
> >
> > Regards
> > Scott
> >
> > On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
> >
> > > +1
> > >
> > > --
> > > Kind Regards
> > > Ashish Vijaywargiya
> > > HotWax Systems - est. 1997
> > >
> > > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> > >
> > > > Rationale: every ASF project needs a private list to discuss product
> > > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > > purpose until now; however an ad-hoc list may be useful because it could
> > > > provide a more focused space to discuss the security issues and could
> > > > provide more flexibility to invite in the private list persons willing to
> > > > help that are trusted by the PMC.
> > > >
> > > > Please vote,
> > > >
> > > > +1
> > > >
> > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > > the security related discussions and notifications currently happening on
> > > > the private list to this new list: according to the ASF policies [*] the
> > > > list will be a private list used by the persons willing to help to resolve
> > > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > > >
> > > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > > vulnerability handling.
> > > >
> > > > [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
I guess we need at least a separate list to grant access to non
OFBiz-PMC/ASF members

Jacques

On 25/07/2016 at 06:38, Scott Gray wrote:

> Do we actually need a separate mailing list, or should it just forward to
> private@?
>
> Regards
> Scott
>
> On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
>
> > +1
> >
> > --
> > Kind Regards
> > Ashish Vijaywargiya
> > HotWax Systems - est. 1997
> >
> > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> >
> > > Rationale: every ASF project needs a private list to discuss product
> > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > purpose until now; however an ad-hoc list may be useful because it could
> > > provide a more focused space to discuss the security issues and could
> > > provide more flexibility to invite in the private list persons willing to
> > > help that are trusted by the PMC.
> > >
> > > Please vote,
> > >
> > > +1
> > >
> > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > the security related discussions and notifications currently happening on
> > > the private list to this new list: according to the ASF policies [*] the
> > > list will be a private list used by the persons willing to help to resolve
> > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > >
> > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > vulnerability handling.
> > >
> > > [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

On 24/07/2016 at 14:32, Jacopo Cappellato wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com

On Mon, Jul 25, 2016 at 10:08 AM, Scott Gray wrote:

> Do we actually need a separate mailing list, or should it just forward to
> private@?
>
> Regards
> Scott
>
> On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:
>
> > +1
> >
> > --
> > Kind Regards
> > Ashish Vijaywargiya
> > HotWax Systems - est. 1997
> >
> > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
> >
> > > Rationale: every ASF project needs a private list to discuss product
> > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > purpose until now; however an ad-hoc list may be useful because it could
> > > provide a more focused space to discuss the security issues and could
> > > provide more flexibility to invite in the private list persons willing to
> > > help that are trusted by the PMC.
> > >
> > > Please vote,
> > >
> > > +1
> > >
> > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > the security related discussions and notifications currently happening on
> > > the private list to this new list: according to the ASF policies [*] the
> > > list will be a private list used by the persons willing to help to resolve
> > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > >
> > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > vulnerability handling.
> > >
> > > [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
Do we actually need a separate mailing list, or should it just forward to
private@?

Regards
Scott

On 25 July 2016 at 15:58, Ashish Vijaywargiya <ashish.vijaywarg...@hotwaxsystems.com> wrote:

> +1
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997
>
> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Rationale: every ASF project needs a private list to discuss product
> > vulnerabilities; for OFBiz the "private" list has been used for this
> > purpose until now; however an ad-hoc list may be useful because it could
> > provide a more focused space to discuss the security issues and could
> > provide more flexibility to invite in the private list persons willing to
> > help that are trusted by the PMC.
> >
> > Please vote,
> >
> > +1
> >
> > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > the security related discussions and notifications currently happening on
> > the private list to this new list: according to the ASF policies [*] the
> > list will be a private list used by the persons willing to help to resolve
> > security issues; the list of subscribers will be approved by the OFBiz PMC.
> >
> > Otherwise vote -1 to continue to use the "private" mailing list for
> > vulnerability handling.
> >
> > [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997

On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <jacopo.cappell...@hotwaxsystems.com> wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

On 24/07/2016 14:32, Jacopo Cappellato wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
Mmm... I must also add that ASF members have access to other PMCs private MLs

Jacques

On 24/07/2016 at 14:56, Jacques Le Roux wrote:

> On 24/07/2016 at 14:55, Jacques Le Roux wrote:
>
> > Yes Michael.
> >
> > On 24/07/2016 at 14:43, Michael Brohl wrote:
> >
> > > The "private" mailing list is only for PMC members of the project?
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

Thanks
Sharan

On 24/07/16 14:32, Jacopo Cappellato wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1

On 24/07/2016 14:32, Jacopo Cappellato wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1 good idea

On Jul 24, 2016 3:56 PM, "Jacques Le Roux" wrote:

> On 24/07/2016 at 14:55, Jacques Le Roux wrote:
>
> > Yes Michael.
> >
> > +1 for me also for the security list
> >
> > I noted that this will allow your contact info to be published here:
> > https://www.apache.org/security/projects.html
>
> Typo, it's : our contact info
>
> Jacques
>
> > Thanks
> >
> > Jacques
> >
> > On 24/07/2016 at 14:43, Michael Brohl wrote:
> >
> > > +1
> > >
> > > The "private" mailing list is only for PMC members of the project?
> > >
> > > Regards,
> > > Michael Brohl
> > > ecomify GmbH
> > > www.ecomify.de
> > >
> > > On 24.07.16 at 14:32, Jacopo Cappellato wrote:
> > >
> > > > Rationale: every ASF project needs a private list to discuss product
> > > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > > purpose until now; however an ad-hoc list may be useful because it could
> > > > provide a more focused space to discuss the security issues and could
> > > > provide more flexibility to invite in the private list persons willing to
> > > > help that are trusted by the PMC.
> > > >
> > > > Please vote,
> > > >
> > > > +1
> > > >
> > > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> > > > the security related discussions and notifications currently happening on
> > > > the private list to this new list: according to the ASF policies [*] the
> > > > list will be a private list used by the persons willing to help to resolve
> > > > security issues; the list of subscribers will be approved by the OFBiz PMC.
> > > >
> > > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > > vulnerability handling.
> > > >
> > > > [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
On 24/07/2016 at 14:55, Jacques Le Roux wrote: Yes Michael. +1 for me also for the security list I noted that this will allow your contact info to be published here: https://www.apache.org/security/projects.html Typo, it's: our contact info Jacques Thanks Jacques On 24/07/2016 at 14:43, Michael Brohl wrote: +1 The "private" mailing list is only for PMC members of the project? Regards, Michael Brohl ecomify GmbH www.ecomify.de On 24.07.16 at 14:32, Jacopo Cappellato wrote: Rationale: every ASF project needs a private list to discuss product vulnerabilities; for OFBiz the "private" list has been used for this purpose until now; however an ad-hoc list may be useful because it could provide a more focused space to discuss the security issues and could provide more flexibility to invite in the private list persons willing to help that are trusted by the PMC. Please vote, +1 to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all the security related discussions and notifications currently happening on the private list to this new list: according to the ASF policies [*] the list will be a private list used by the persons willing to help to resolve security issues; the list of subscribers will be approved by the OFBiz PMC. Otherwise vote -1 to continue to use the "private" mailing list for vulnerability handling. [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
Yes Michael. +1 for me also for the security list I noted that this will allow your contact info to be published here: https://www.apache.org/security/projects.html Thanks Jacques On 24/07/2016 at 14:43, Michael Brohl wrote: +1 The "private" mailing list is only for PMC members of the project? Regards, Michael Brohl ecomify GmbH www.ecomify.de On 24.07.16 at 14:32, Jacopo Cappellato wrote: Rationale: every ASF project needs a private list to discuss product vulnerabilities; for OFBiz the "private" list has been used for this purpose until now; however an ad-hoc list may be useful because it could provide a more focused space to discuss the security issues and could provide more flexibility to invite in the private list persons willing to help that are trusted by the PMC. Please vote, +1 to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all the security related discussions and notifications currently happening on the private list to this new list: according to the ASF policies [*] the list will be a private list used by the persons willing to help to resolve security issues; the list of subscribers will be approved by the OFBiz PMC. Otherwise vote -1 to continue to use the "private" mailing list for vulnerability handling. [*] http://www.apache.org/security/
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1 2016-07-24 14:32 GMT+02:00 Jacopo Cappellato < jacopo.cappell...@hotwaxsystems.com>: > Rationale: every ASF project needs a private list to discuss product > vulnerabilities; for OFBiz the "private" list has been used for this > purpose until now; however an ad-hoc list may be useful because it could > provide a more focused space to discuss the security issues and could > provide more flexibility to invite in the private list persons willing to > help that are trusted by the PMC. > > Please vote, > > +1 > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all > the security related discussions and notifications currently happening on > the private list to this new list: according to the ASF policies [*] the > list will be a private list used by the persons willing to help to resolve > security issues; the list of subscribers will be approved by the OFBiz PMC. > > Otherwise vote -1 to continue to use the "private" mailing list for > vulnerability handling. > > [*] http://www.apache.org/security/ > -- Grégory Draperi
Re: [VOTE] Create the "security" mailing list for the OFBiz project
+1 The "private" mailing list is only for PMC members of the project? Regards, Michael Brohl ecomify GmbH www.ecomify.de On 24.07.16 at 14:32, Jacopo Cappellato wrote: Rationale: every ASF project needs a private list to discuss product vulnerabilities; for OFBiz the "private" list has been used for this purpose until now; however an ad-hoc list may be useful because it could provide a more focused space to discuss the security issues and could provide more flexibility to invite in the private list persons willing to help that are trusted by the PMC. Please vote, +1 to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all the security related discussions and notifications currently happening on the private list to this new list: according to the ASF policies [*] the list will be a private list used by the persons willing to help to resolve security issues; the list of subscribers will be approved by the OFBiz PMC. Otherwise vote -1 to continue to use the "private" mailing list for vulnerability handling. [*] http://www.apache.org/security/
[VOTE] Create the "security" mailing list for the OFBiz project
Rationale: every ASF project needs a private list to discuss product vulnerabilities; for OFBiz the "private" list has been used for this purpose until now; however an ad-hoc list may be useful because it could provide a more focused space to discuss the security issues and could provide more flexibility to invite in the private list persons willing to help that are trusted by the PMC. Please vote, +1 to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all the security related discussions and notifications currently happening on the private list to this new list: according to the ASF policies [*] the list will be a private list used by the persons willing to help to resolve security issues; the list of subscribers will be approved by the OFBiz PMC. Otherwise vote -1 to continue to use the "private" mailing list for vulnerability handling. [*] http://www.apache.org/security/