Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Jacopo Cappellato]

+1

Jacopo

On Sun, Jul 24, 2016 at 2:32 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Arun Patidar]

+1

Thanks & Regards
---
Arun Patidar
Manager, Enterprise Software Development
 HotWax Systems
www.hotwaxsystems.com

On Sunday 24 July 2016 06:02 PM, Jacopo Cappellato wrote:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[thang nguyen]

+1
Thanks & Regards
On Tue, Jul 26, 2016 at 5:53 AM, Scott Gray 
wrote:

> Thanks for confirming Jacopo, +1 from me
>
> On 26/07/2016 00:32, "Jacopo Cappellato" <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Correct!
> > A project can ask for the creation of the security list and the PMC may
> > invite non-PMC members.
> >
> > Jacopo
> >
> > On Mon, Jul 25, 2016 at 12:06 PM, Scott Gray <
> scott.g...@hotwaxsystems.com
> > >
> > wrote:
> >
> > > Ok I had a read of http://www.apache.org/security/committers.html and
> I
> > > see
> > > how it works.  Looks like PMC is the default alternative "security
> team"
> > > when a security list doesn't exist.
> > >
> > > On 25 July 2016 at 21:31, gregory draperi 
> > > wrote:
> > >
> > > > On my side I voted +1 as I thing it would be easier for me to follow
> > > > security topics with a dedicated list.
> > > > Furthermore, I don't need to be added to the private list as I don't
> > > > need/want to be part of strategy or main orientations discussions for
> > > > Ofbiz.
> > > >
> > > >
> > > > 2016-07-25 11:27 GMT+02:00 Scott Gray  >:
> > > >
> > > > > Why would we do that?  Security concerns are the responsibility of
> > the
> > > > PMC
> > > > > and supposed to be kept confidential until resolved aren't they?
> > > > >
> > > > > On 25 July 2016 at 20:31, Jacques Le Roux <
> > > jacques.le.r...@les7arts.com>
> > > > > wrote:
> > > > >
> > > > > > I guess we need at least a separate list to grant access to non
> > > > > > OFBiz-PMC/ASF members
> > > > > >
> > > > > > Jacques
> > > > > >
> > > > > >
> > > > > >
> > > > > > Le 25/07/2016 à 06:38, Scott Gray a écrit :
> > > > > >
> > > > > >> Do we actually need a separate mailing list, or should it just
> > > forward
> > > > > to
> > > > > >> private@?
> > > > > >>
> > > > > >> Regards
> > > > > >> Scott
> > > > > >>
> > > > > >> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
> > > > > >> ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > > > > >>
> > > > > >> +1
> > > > > >>>
> > > > > >>> --
> > > > > >>> Kind Regards
> > > > > >>> Ashish Vijaywargiya
> > > > > >>> HotWax Systems - est. 1997
> > > > > >>>
> > > > > >>>
> > > > > >>> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> > > > > >>> jacopo.cappell...@hotwaxsystems.com> wrote:
> > > > > >>>
> > > > > >>> Rationale: every ASF project needs a private list to discuss
> > > product
> > > > >  vulnerabilities; for OFBiz the "private" list has been used
> for
> > > this
> > > > >  purpose until now; however an ad-hoc list may be useful
> because
> > it
> > > > > could
> > > > >  provide a more focused space to discuss the security issues
> and
> > > > could
> > > > >  provide more flexibility to invite in the private list persons
> > > > willing
> > > > >  to
> > > > >  help that are trusted by the PMC.
> > > > > 
> > > > >  Please vote,
> > > > > 
> > > > >  +1
> > > > > 
> > > > >  to create a "security" list (i.e. secur...@ofbiz.apache.org)
> > and
> > > > move
> > > > > 
> > > > > >>> all
> > > > > >>>
> > > > >  the security related discussions and notifications currently
> > > > happening
> > > > >  on
> > > > >  the private list to this new list: according to the ASF
> policies
> > > [*]
> > > > > the
> > > > >  list will be a private list used by the persons willing to
> help
> > to
> > > > > 
> > > > > >>> resolve
> > > > > >>>
> > > > >  security issues; the list of subscribers will be approved by
> the
> > > > OFBiz
> > > > > 
> > > > > >>> PMC.
> > > > > >>>
> > > > >  Otherwise vote -1 to continue to use the "private" mailing
> list
> > > for
> > > > >  vulnerability handling.
> > > > > 
> > > > >  [*] http://www.apache.org/security/
> > > > > 
> > > > > 
> > > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Grégory Draperi
> > > >
> > >
> >
>



-- 
*THANG NGUYEN (Mr)*

*OLBIUS DEVELOPER**Email:* nguyenthang0...@gmail.com
| *Mobile:* (+84) 1674636641

*OLBIUS., JSC*
*Tel:* (+84) 9 88 99 
*Address: *25th Fl., No 91, Nguyen Chi Thanh St., Ha Noi City, VietNam
*Website:* http://olbius.com

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Scott Gray]

Thanks for confirming Jacopo, +1 from me

On 26/07/2016 00:32, "Jacopo Cappellato" <
jacopo.cappell...@hotwaxsystems.com> wrote:

> Correct!
> A project can ask for the creation of the security list and the PMC may
> invite non-PMC members.
>
> Jacopo
>
> On Mon, Jul 25, 2016 at 12:06 PM, Scott Gray  >
> wrote:
>
> > Ok I had a read of http://www.apache.org/security/committers.html and I
> > see
> > how it works.  Looks like PMC is the default alternative "security team"
> > when a security list doesn't exist.
> >
> > On 25 July 2016 at 21:31, gregory draperi 
> > wrote:
> >
> > > On my side I voted +1 as I thing it would be easier for me to follow
> > > security topics with a dedicated list.
> > > Furthermore, I don't need to be added to the private list as I don't
> > > need/want to be part of strategy or main orientations discussions for
> > > Ofbiz.
> > >
> > >
> > > 2016-07-25 11:27 GMT+02:00 Scott Gray :
> > >
> > > > Why would we do that?  Security concerns are the responsibility of
> the
> > > PMC
> > > > and supposed to be kept confidential until resolved aren't they?
> > > >
> > > > On 25 July 2016 at 20:31, Jacques Le Roux <
> > jacques.le.r...@les7arts.com>
> > > > wrote:
> > > >
> > > > > I guess we need at least a separate list to grant access to non
> > > > > OFBiz-PMC/ASF members
> > > > >
> > > > > Jacques
> > > > >
> > > > >
> > > > >
> > > > > Le 25/07/2016 à 06:38, Scott Gray a écrit :
> > > > >
> > > > >> Do we actually need a separate mailing list, or should it just
> > forward
> > > > to
> > > > >> private@?
> > > > >>
> > > > >> Regards
> > > > >> Scott
> > > > >>
> > > > >> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
> > > > >> ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > > > >>
> > > > >> +1
> > > > >>>
> > > > >>> --
> > > > >>> Kind Regards
> > > > >>> Ashish Vijaywargiya
> > > > >>> HotWax Systems - est. 1997
> > > > >>>
> > > > >>>
> > > > >>> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> > > > >>> jacopo.cappell...@hotwaxsystems.com> wrote:
> > > > >>>
> > > > >>> Rationale: every ASF project needs a private list to discuss
> > product
> > > >  vulnerabilities; for OFBiz the "private" list has been used for
> > this
> > > >  purpose until now; however an ad-hoc list may be useful because
> it
> > > > could
> > > >  provide a more focused space to discuss the security issues and
> > > could
> > > >  provide more flexibility to invite in the private list persons
> > > willing
> > > >  to
> > > >  help that are trusted by the PMC.
> > > > 
> > > >  Please vote,
> > > > 
> > > >  +1
> > > > 
> > > >  to create a "security" list (i.e. secur...@ofbiz.apache.org)
> and
> > > move
> > > > 
> > > > >>> all
> > > > >>>
> > > >  the security related discussions and notifications currently
> > > happening
> > > >  on
> > > >  the private list to this new list: according to the ASF policies
> > [*]
> > > > the
> > > >  list will be a private list used by the persons willing to help
> to
> > > > 
> > > > >>> resolve
> > > > >>>
> > > >  security issues; the list of subscribers will be approved by the
> > > OFBiz
> > > > 
> > > > >>> PMC.
> > > > >>>
> > > >  Otherwise vote -1 to continue to use the "private" mailing list
> > for
> > > >  vulnerability handling.
> > > > 
> > > >  [*] http://www.apache.org/security/
> > > > 
> > > > 
> > > > >
> > > >
> > >
> > >
> > >
> > > --
> > > Grégory Draperi
> > >
> >
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[David E. Jones]

+1

-David


> On 24 Jul 2016, at 05:32, Jacopo Cappellato 
>  wrote:
> 
> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
> 
> Please vote,
> 
> +1
> 
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
> 
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
> 
> [*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Jacopo Cappellato]

Correct!
A project can ask for the creation of the security list and the PMC may
invite non-PMC members.

Jacopo

On Mon, Jul 25, 2016 at 12:06 PM, Scott Gray 
wrote:

> Ok I had a read of http://www.apache.org/security/committers.html and I
> see
> how it works.  Looks like PMC is the default alternative "security team"
> when a security list doesn't exist.
>
> On 25 July 2016 at 21:31, gregory draperi 
> wrote:
>
> > On my side I voted +1 as I thing it would be easier for me to follow
> > security topics with a dedicated list.
> > Furthermore, I don't need to be added to the private list as I don't
> > need/want to be part of strategy or main orientations discussions for
> > Ofbiz.
> >
> >
> > 2016-07-25 11:27 GMT+02:00 Scott Gray :
> >
> > > Why would we do that?  Security concerns are the responsibility of the
> > PMC
> > > and supposed to be kept confidential until resolved aren't they?
> > >
> > > On 25 July 2016 at 20:31, Jacques Le Roux <
> jacques.le.r...@les7arts.com>
> > > wrote:
> > >
> > > > I guess we need at least a separate list to grant access to non
> > > > OFBiz-PMC/ASF members
> > > >
> > > > Jacques
> > > >
> > > >
> > > >
> > > > Le 25/07/2016 à 06:38, Scott Gray a écrit :
> > > >
> > > >> Do we actually need a separate mailing list, or should it just
> forward
> > > to
> > > >> private@?
> > > >>
> > > >> Regards
> > > >> Scott
> > > >>
> > > >> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
> > > >> ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > > >>
> > > >> +1
> > > >>>
> > > >>> --
> > > >>> Kind Regards
> > > >>> Ashish Vijaywargiya
> > > >>> HotWax Systems - est. 1997
> > > >>>
> > > >>>
> > > >>> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> > > >>> jacopo.cappell...@hotwaxsystems.com> wrote:
> > > >>>
> > > >>> Rationale: every ASF project needs a private list to discuss
> product
> > >  vulnerabilities; for OFBiz the "private" list has been used for
> this
> > >  purpose until now; however an ad-hoc list may be useful because it
> > > could
> > >  provide a more focused space to discuss the security issues and
> > could
> > >  provide more flexibility to invite in the private list persons
> > willing
> > >  to
> > >  help that are trusted by the PMC.
> > > 
> > >  Please vote,
> > > 
> > >  +1
> > > 
> > >  to create a "security" list (i.e. secur...@ofbiz.apache.org) and
> > move
> > > 
> > > >>> all
> > > >>>
> > >  the security related discussions and notifications currently
> > happening
> > >  on
> > >  the private list to this new list: according to the ASF policies
> [*]
> > > the
> > >  list will be a private list used by the persons willing to help to
> > > 
> > > >>> resolve
> > > >>>
> > >  security issues; the list of subscribers will be approved by the
> > OFBiz
> > > 
> > > >>> PMC.
> > > >>>
> > >  Otherwise vote -1 to continue to use the "private" mailing list
> for
> > >  vulnerability handling.
> > > 
> > >  [*] http://www.apache.org/security/
> > > 
> > > 
> > > >
> > >
> >
> >
> >
> > --
> > Grégory Draperi
> >
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Scott Gray]

Ok I had a read of http://www.apache.org/security/committers.html and I see
how it works.  Looks like PMC is the default alternative "security team"
when a security list doesn't exist.

On 25 July 2016 at 21:31, gregory draperi  wrote:

> On my side I voted +1 as I thing it would be easier for me to follow
> security topics with a dedicated list.
> Furthermore, I don't need to be added to the private list as I don't
> need/want to be part of strategy or main orientations discussions for
> Ofbiz.
>
>
> 2016-07-25 11:27 GMT+02:00 Scott Gray :
>
> > Why would we do that?  Security concerns are the responsibility of the
> PMC
> > and supposed to be kept confidential until resolved aren't they?
> >
> > On 25 July 2016 at 20:31, Jacques Le Roux 
> > wrote:
> >
> > > I guess we need at least a separate list to grant access to non
> > > OFBiz-PMC/ASF members
> > >
> > > Jacques
> > >
> > >
> > >
> > > Le 25/07/2016 à 06:38, Scott Gray a écrit :
> > >
> > >> Do we actually need a separate mailing list, or should it just forward
> > to
> > >> private@?
> > >>
> > >> Regards
> > >> Scott
> > >>
> > >> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
> > >> ashish.vijaywarg...@hotwaxsystems.com> wrote:
> > >>
> > >> +1
> > >>>
> > >>> --
> > >>> Kind Regards
> > >>> Ashish Vijaywargiya
> > >>> HotWax Systems - est. 1997
> > >>>
> > >>>
> > >>> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> > >>> jacopo.cappell...@hotwaxsystems.com> wrote:
> > >>>
> > >>> Rationale: every ASF project needs a private list to discuss product
> >  vulnerabilities; for OFBiz the "private" list has been used for this
> >  purpose until now; however an ad-hoc list may be useful because it
> > could
> >  provide a more focused space to discuss the security issues and
> could
> >  provide more flexibility to invite in the private list persons
> willing
> >  to
> >  help that are trusted by the PMC.
> > 
> >  Please vote,
> > 
> >  +1
> > 
> >  to create a "security" list (i.e. secur...@ofbiz.apache.org) and
> move
> > 
> > >>> all
> > >>>
> >  the security related discussions and notifications currently
> happening
> >  on
> >  the private list to this new list: according to the ASF policies [*]
> > the
> >  list will be a private list used by the persons willing to help to
> > 
> > >>> resolve
> > >>>
> >  security issues; the list of subscribers will be approved by the
> OFBiz
> > 
> > >>> PMC.
> > >>>
> >  Otherwise vote -1 to continue to use the "private" mailing list for
> >  vulnerability handling.
> > 
> >  [*] http://www.apache.org/security/
> > 
> > 
> > >
> >
>
>
>
> --
> Grégory Draperi
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[gregory draperi]

On my side I voted +1 as I thing it would be easier for me to follow
security topics with a dedicated list.
Furthermore, I don't need to be added to the private list as I don't
need/want to be part of strategy or main orientations discussions for Ofbiz.


2016-07-25 11:27 GMT+02:00 Scott Gray :

> Why would we do that?  Security concerns are the responsibility of the PMC
> and supposed to be kept confidential until resolved aren't they?
>
> On 25 July 2016 at 20:31, Jacques Le Roux 
> wrote:
>
> > I guess we need at least a separate list to grant access to non
> > OFBiz-PMC/ASF members
> >
> > Jacques
> >
> >
> >
> > Le 25/07/2016 à 06:38, Scott Gray a écrit :
> >
> >> Do we actually need a separate mailing list, or should it just forward
> to
> >> private@?
> >>
> >> Regards
> >> Scott
> >>
> >> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
> >> ashish.vijaywarg...@hotwaxsystems.com> wrote:
> >>
> >> +1
> >>>
> >>> --
> >>> Kind Regards
> >>> Ashish Vijaywargiya
> >>> HotWax Systems - est. 1997
> >>>
> >>>
> >>> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> >>> jacopo.cappell...@hotwaxsystems.com> wrote:
> >>>
> >>> Rationale: every ASF project needs a private list to discuss product
>  vulnerabilities; for OFBiz the "private" list has been used for this
>  purpose until now; however an ad-hoc list may be useful because it
> could
>  provide a more focused space to discuss the security issues and could
>  provide more flexibility to invite in the private list persons willing
>  to
>  help that are trusted by the PMC.
> 
>  Please vote,
> 
>  +1
> 
>  to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
> 
> >>> all
> >>>
>  the security related discussions and notifications currently happening
>  on
>  the private list to this new list: according to the ASF policies [*]
> the
>  list will be a private list used by the persons willing to help to
> 
> >>> resolve
> >>>
>  security issues; the list of subscribers will be approved by the OFBiz
> 
> >>> PMC.
> >>>
>  Otherwise vote -1 to continue to use the "private" mailing list for
>  vulnerability handling.
> 
>  [*] http://www.apache.org/security/
> 
> 
> >
>



-- 
Grégory Draperi

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Scott Gray]

Why would we do that?  Security concerns are the responsibility of the PMC
and supposed to be kept confidential until resolved aren't they?

On 25 July 2016 at 20:31, Jacques Le Roux 
wrote:

> I guess we need at least a separate list to grant access to non
> OFBiz-PMC/ASF members
>
> Jacques
>
>
>
> Le 25/07/2016 à 06:38, Scott Gray a écrit :
>
>> Do we actually need a separate mailing list, or should it just forward to
>> private@?
>>
>> Regards
>> Scott
>>
>> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
>> ashish.vijaywarg...@hotwaxsystems.com> wrote:
>>
>> +1
>>>
>>> --
>>> Kind Regards
>>> Ashish Vijaywargiya
>>> HotWax Systems - est. 1997
>>>
>>>
>>> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
>>> jacopo.cappell...@hotwaxsystems.com> wrote:
>>>
>>> Rationale: every ASF project needs a private list to discuss product
 vulnerabilities; for OFBiz the "private" list has been used for this
 purpose until now; however an ad-hoc list may be useful because it could
 provide a more focused space to discuss the security issues and could
 provide more flexibility to invite in the private list persons willing
 to
 help that are trusted by the PMC.

 Please vote,

 +1

 to create a "security" list (i.e. secur...@ofbiz.apache.org) and move

>>> all
>>>
 the security related discussions and notifications currently happening
 on
 the private list to this new list: according to the ASF policies [*] the
 list will be a private list used by the persons willing to help to

>>> resolve
>>>
 security issues; the list of subscribers will be approved by the OFBiz

>>> PMC.
>>>
 Otherwise vote -1 to continue to use the "private" mailing list for
 vulnerability handling.

 [*] http://www.apache.org/security/


>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Jacques Le Roux]

I guess we need at least a separate list to grant access to non OFBiz-PMC/ASF 
members

Jacques


Le 25/07/2016 à 06:38, Scott Gray a écrit :

Do we actually need a separate mailing list, or should it just forward to
private@?

Regards
Scott

On 25 July 2016 at 15:58, Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:


+1

--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997


On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:


Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move

all

the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to

resolve

security issues; the list of subscribers will be approved by the OFBiz

PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Nicolas Malin]

+1

Le 24/07/2016 à 14:32, Jacopo Cappellato a écrit :

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Deepak Dixit]

+1

Thanks & Regards
--
Deepak Dixit
www.hotwaxsystems.com

On Mon, Jul 25, 2016 at 10:08 AM, Scott Gray 
wrote:

> Do we actually need a separate mailing list, or should it just forward to
> private@?
>
> Regards
> Scott
>
> On 25 July 2016 at 15:58, Ashish Vijaywargiya <
> ashish.vijaywarg...@hotwaxsystems.com> wrote:
>
> > +1
> >
> > --
> > Kind Regards
> > Ashish Vijaywargiya
> > HotWax Systems - est. 1997
> >
> >
> > On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> > jacopo.cappell...@hotwaxsystems.com> wrote:
> >
> > > Rationale: every ASF project needs a private list to discuss product
> > > vulnerabilities; for OFBiz the "private" list has been used for this
> > > purpose until now; however an ad-hoc list may be useful because it
> could
> > > provide a more focused space to discuss the security issues and could
> > > provide more flexibility to invite in the private list persons willing
> to
> > > help that are trusted by the PMC.
> > >
> > > Please vote,
> > >
> > > +1
> > >
> > > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
> > all
> > > the security related discussions and notifications currently happening
> on
> > > the private list to this new list: according to the ASF policies [*]
> the
> > > list will be a private list used by the persons willing to help to
> > resolve
> > > security issues; the list of subscribers will be approved by the OFBiz
> > PMC.
> > >
> > > Otherwise vote -1 to continue to use the "private" mailing list for
> > > vulnerability handling.
> > >
> > > [*] http://www.apache.org/security/
> > >
> >
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Scott Gray]

Do we actually need a separate mailing list, or should it just forward to
private@?

Regards
Scott

On 25 July 2016 at 15:58, Ashish Vijaywargiya <
ashish.vijaywarg...@hotwaxsystems.com> wrote:

> +1
>
> --
> Kind Regards
> Ashish Vijaywargiya
> HotWax Systems - est. 1997
>
>
> On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
> jacopo.cappell...@hotwaxsystems.com> wrote:
>
> > Rationale: every ASF project needs a private list to discuss product
> > vulnerabilities; for OFBiz the "private" list has been used for this
> > purpose until now; however an ad-hoc list may be useful because it could
> > provide a more focused space to discuss the security issues and could
> > provide more flexibility to invite in the private list persons willing to
> > help that are trusted by the PMC.
> >
> > Please vote,
> >
> > +1
> >
> > to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
> all
> > the security related discussions and notifications currently happening on
> > the private list to this new list: according to the ASF policies [*] the
> > list will be a private list used by the persons willing to help to
> resolve
> > security issues; the list of subscribers will be approved by the OFBiz
> PMC.
> >
> > Otherwise vote -1 to continue to use the "private" mailing list for
> > vulnerability handling.
> >
> > [*] http://www.apache.org/security/
> >
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Ashish Vijaywargiya]

+1

--
Kind Regards
Ashish Vijaywargiya
HotWax Systems - est. 1997


On Sun, Jul 24, 2016 at 6:02 PM, Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com> wrote:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Julien NICOLAS]

+1


On 24/07/2016 14:32, Jacopo Cappellato wrote:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Jacques Le Roux]

Mmm... I must also add that ASF members have access to other PMCs private MLs

Jacques


Le 24/07/2016 à 14:56, Jacques Le Roux a écrit :

Le 24/07/2016 à 14:55, Jacques Le Roux a écrit :

Yes Michael.

Le 24/07/2016 à 14:43, Michael Brohl a écrit :
The "private" mailing list is only for PMC members of the project? 

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Sharan Foga]

+1

Thanks
Sharan

On 24/07/16 14:32, Jacopo Cappellato wrote:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[gil portenseigne]

+1

On 24/07/2016 14:32, Jacopo Cappellato wrote:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Taher Alkhateeb]

+1 good idea

On Jul 24, 2016 3:56 PM, "Jacques Le Roux" 
wrote:

Le 24/07/2016 à 14:55, Jacques Le Roux a écrit :

> Yes Michael.
>
> +1 for me also for the security list
>
> I noted that this will allow your contact info to be published here:
> https://www.apache.org/security/projects.html
>
Typo, it's : our contact info
Jacques


> Thanks
>
> Jacques
>
>
> Le 24/07/2016 à 14:43, Michael Brohl a écrit :
>
>> +1
>>
>> The "private" mailing list is only for PMC members of the project?
>>
>> Regards,
>> Michael Brohl
>> ecomify GmbH
>> www.ecomify.de
>>
>>
>> Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:
>>
>>> Rationale: every ASF project needs a private list to discuss product
>>> vulnerabilities; for OFBiz the "private" list has been used for this
>>> purpose until now; however an ad-hoc list may be useful because it could
>>> provide a more focused space to discuss the security issues and could
>>> provide more flexibility to invite in the private list persons willing to
>>> help that are trusted by the PMC.
>>>
>>> Please vote,
>>>
>>> +1
>>>
>>> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move
>>> all
>>> the security related discussions and notifications currently happening on
>>> the private list to this new list: according to the ASF policies [*] the
>>> list will be a private list used by the persons willing to help to
>>> resolve
>>> security issues; the list of subscribers will be approved by the OFBiz
>>> PMC.
>>>
>>> Otherwise vote -1 to continue to use the "private" mailing list for
>>> vulnerability handling.
>>>
>>> [*] http://www.apache.org/security/
>>>
>>>
>>
>>
>
>

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Jacques Le Roux]

Le 24/07/2016 à 14:55, Jacques Le Roux a écrit :

Yes Michael.

+1 for me also for the security list

I noted that this will allow your contact info to be published here: 
https://www.apache.org/security/projects.html

Typo, it's : our contact info
Jacques


Thanks

Jacques


Le 24/07/2016 à 14:43, Michael Brohl a écrit :

+1

The "private" mailing list is only for PMC members of the project?

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de


Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Jacques Le Roux]

Yes Michael.

+1 for me also for the security list

I noted that this will allow your contact info to be published here: 
https://www.apache.org/security/projects.html

Thanks

Jacques


Le 24/07/2016 à 14:43, Michael Brohl a écrit :

+1

The "private" mailing list is only for PMC members of the project?

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de


Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[gregory draperi]

+1

2016-07-24 14:32 GMT+02:00 Jacopo Cappellato <
jacopo.cappell...@hotwaxsystems.com>:

> Rationale: every ASF project needs a private list to discuss product
> vulnerabilities; for OFBiz the "private" list has been used for this
> purpose until now; however an ad-hoc list may be useful because it could
> provide a more focused space to discuss the security issues and could
> provide more flexibility to invite in the private list persons willing to
> help that are trusted by the PMC.
>
> Please vote,
>
> +1
>
> to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
> the security related discussions and notifications currently happening on
> the private list to this new list: according to the ASF policies [*] the
> list will be a private list used by the persons willing to help to resolve
> security issues; the list of subscribers will be approved by the OFBiz PMC.
>
> Otherwise vote -1 to continue to use the "private" mailing list for
> vulnerability handling.
>
> [*] http://www.apache.org/security/
>



-- 
Grégory Draperi

Re: [VOTE] Create the "security" mailing list for the OFBiz project

[Michael Brohl]

+1

The "private" mailing list is only for PMC members of the project?

Regards,
Michael Brohl
ecomify GmbH
www.ecomify.de


Am 24.07.16 um 14:32 schrieb Jacopo Cappellato:

Rationale: every ASF project needs a private list to discuss product
vulnerabilities; for OFBiz the "private" list has been used for this
purpose until now; however an ad-hoc list may be useful because it could
provide a more focused space to discuss the security issues and could
provide more flexibility to invite in the private list persons willing to
help that are trusted by the PMC.

Please vote,

+1

to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all
the security related discussions and notifications currently happening on
the private list to this new list: according to the ASF policies [*] the
list will be a private list used by the persons willing to help to resolve
security issues; the list of subscribers will be approved by the OFBiz PMC.

Otherwise vote -1 to continue to use the "private" mailing list for
vulnerability handling.

[*] http://www.apache.org/security/






smime.p7s
Description: S/MIME Cryptographic Signature