when to post to security list?
Hi, could anybody tell me in which case a security problem needs to be posted to security at apache.org? Is there a web page? Thanks Ortwin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: when to post to security list?
Ortwin, There are general guidelines at http://httpd.apache.org/security_report.html. Basically, if you suspect a security issue, let [EMAIL PROTECTED] know. Let them worry about filtering it and possibly coming back to you with a message like no, this is not an issue, because... ;) Yoav --- Ortwin Glück [EMAIL PROTECTED] wrote: Hi, could anybody tell me in which case a security problem needs to be posted to security at apache.org? Is there a web page? Thanks Ortwin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Yoav Shapira System Design and Management Fellow MIT Sloan School of Management Cambridge, MA, USA [EMAIL PROTECTED] / www.yoavshapira.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: when to post to security list?
Yoav, Sorry, stupid me didn't know [EMAIL PROTECTED] was for httpd only. I guess then every project has to maintain it's own security mail address if it needs that. I also guess there is no central handling of security issues for all ASF projects. I further guess publishing of vulnerabilities is completely up to the committers. Correct me if I am wrong. Cheers Odi Yoav Shapira wrote: Ortwin, There are general guidelines at http://httpd.apache.org/security_report.html. Basically, if you suspect a security issue, let [EMAIL PROTECTED] know. Let them worry about filtering it and possibly coming back to you with a message like no, this is not an issue, because... ;) Yoav - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Action Items: Jakarta Http Components
So, to move HttpClient up we need: 1) svn move (what is the new svn directory name to be?) 2) update the asf-authorization file 3) update the Jakarta navigation etc 4) move the httpclient site 5) make sure htaccess redirect is in place from old site 6) mailing list rename 7) what am I missing? 2 has to be the PMC chair, so once I know what 1) is I'll do both 1 and 2 at the same time. 6 means a request of to asf-infrastructure. Hen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Action Items: Jakarta Http Components
On Fri, Nov 04, 2005 at 09:57:26AM -0500, Henri Yandell wrote: So, to move HttpClient up we need: 1) svn move (what is the new svn directory name to be?) Done. The svn directory can be found here: http://svn.apache.org/repos/asf/jakarta/httpcomponents/ 2) update the asf-authorization file 3) update the Jakarta navigation etc 4) move the httpclient site We would like to keep Jakarta Commons HttpClient where it is until Jakarta HttpClient 4.0 is ready (has an RC quality release). Jakarta Commons HttpClient and Jakarta HttpComponents will have to co-exist for an interim period of time 5) make sure htaccess redirect is in place from old site We are working on getting the new site up, which will point at the existing HttpClient site 6) mailing list rename 7) what am I missing? We have an action plan in the HttpClient Wiki. Feel free to put it to a good use http://wiki.apache.org/jakarta-httpclient/HttpComponentsActionPlan 2 has to be the PMC chair, so once I know what 1) is I'll do both 1 and 2 at the same time. 6 means a request of to asf-infrastructure. Many thanks for helping us Cheers, Oleg Hen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]