Re: [VOTE] tomcat-commiters list
Costin Manolache wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [ ] I agree with the proposal [ ] I don't agree with the proposal I agree if it cover only discussions about security, but discussions and features should stay in tomcat-dev. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [VOTE] tomcat-commiters list
I agree with the proposal * ** *** ** * ** *** ** * ** *** ** * This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. Any views or opinions presented are solely those of the author, and do not necessarily represent those of ESB. If you have received this email in error please notify the sender. Although ESB scans e-mail and attachments for viruses, it does not guarantee that either are virus-free and accepts no liability for any damage sustained as a result of viruses. * ** *** ** * ** *** ** * ** *** ** * -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
[X] I agree with the proposal [ ] I don't agree with the proposal Fine for another non-committer. PLS cont. to read the dev list too ;-) Bob Costin Manolache wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [ ] I agree with the proposal [ ] I don't agree with the proposal -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [VOTE] tomcat-commiters list
-Original Message- From: Costin Manolache [mailto:[EMAIL PROTECTED]] Sent: Monday, October 14, 2002 1:24 PM To: [EMAIL PROTECTED] Subject: [VOTE] tomcat-commiters list I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [X] I agree with the proposal [ ] I don't agree with the proposal Larry -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
Costin Manolache wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [X] I agree with the proposal [ ] I don't agree with the proposal Glenn -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [X ] I agree with the proposal [ ] I don't agree with the proposal -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
[VOTE] tomcat-commiters list
I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [ ] I agree with the proposal [ ] I don't agree with the proposal -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
Costin Manolache wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [X] I agree with the proposal [ ] I don't agree with the proposal Remy -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [VOTE] tomcat-commiters list
Though I'm not a committer and thus can't vote I think a legitimate concern created by a list like this would be that the real bulk of threads that should occur on the tomcat developer list might migrate into this closed list and away from the more public view. Just a thought to consider. Jason -Original Message- I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [ ] I agree with the proposal [ ] I don't agree with the proposal -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
The proposal needs to identify a moderator. The moderator will be the one who approves subscription requests (as well as filtering out spam). - Sam Ruby -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
- Original Message - From: Costin Manolache [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, October 14, 2002 10:24 AM Subject: [VOTE] tomcat-commiters list I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [ ] I agree with the proposal [X] I don't agree with the proposal Security holes don't occur often enough to bother with maintaining the active committers list, and there isn't much point in the list otherwise. Plus, segregating the security concerns simply would make the mbox archives a must-bookmark for every black-hat. :) -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
Sam Ruby wrote: The proposal needs to identify a moderator. The moderator will be the one who approves subscription requests (as well as filtering out spam). I can do that. ( unless someone else wants to ). -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
Bill Barker wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [ ] I agree with the proposal [X] I don't agree with the proposal Security holes don't occur often enough to bother with maintaining the active committers list, and there isn't much point in the list otherwise. Plus, segregating the security concerns simply would make the mbox archives a must-bookmark for every black-hat. :) Aparently they do occur more often than we would like. And I've been in at least 4 Cc: chains in the last 2 months. Whoever is in the the apache security list or PMC should forward tomcat security problems to a known address where it can be addressed. It is not only for security - but any issue that we might consider 'private' ( again, it is better than using the Cc: ). -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
There's currently a call for project committers to be on the [EMAIL PROTECTED] list. This list intends to be the clearinghouse for all ASF project related security issues, not just httpd. Costin, Craig, et al.: the deal seems to be that each major project version have someone who's a committer subscribed as a project liason. So it might make sense if you both signed up, or if other committers wanted to step forward...I would leave that to you all to figure out. Not to short-circuit a Tomcat committers list, because there may well be issues other than security to deal with, and it would make sense to have information flow between security@ and a proposed tomcat-committers@ anyway (I'm thinking the detailed hashing of fixes would happen on the latter list). Just my $0.02. Chuck On Monday, October 14, 2002, at 12:14 PM, Costin Manolache wrote: Bill Barker wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [ ] I agree with the proposal [X] I don't agree with the proposal Security holes don't occur often enough to bother with maintaining the active committers list, and there isn't much point in the list otherwise. Plus, segregating the security concerns simply would make the mbox archives a must-bookmark for every black-hat. :) Aparently they do occur more often than we would like. And I've been in at least 4 Cc: chains in the last 2 months. Whoever is in the the apache security list or PMC should forward tomcat security problems to a known address where it can be addressed. It is not only for security - but any issue that we might consider 'private' ( again, it is better than using the Cc: ). -- Costin -- To unsubscribe, e-mail: mailto:tomcat-dev- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-dev- [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
On 14/10/02 19:45, Sam Ruby [EMAIL PROTECTED] wrote: The proposal needs to identify a moderator. The moderator will be the one who approves subscription requests (as well as filtering out spam). And AFAIK, we've roughly always said no to extra mailing list (but -dev -cvs and -users) to keep all projects more-or-less in sync... Pier -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
Chuck Murcko wrote: There's currently a call for project committers to be on the [EMAIL PROTECTED] list. This list intends to be the clearinghouse for all ASF project related security issues, not just httpd. Costin, Craig, et al.: the deal seems to be that each major project version have someone who's a committer subscribed as a project liason. So it might make sense if you both signed up, or if other committers wanted to step forward...I would leave that to you all to figure out. Not to short-circuit a Tomcat committers list, because there may well be issues other than security to deal with, and it would make sense to have information flow between security@ and a proposed tomcat-committers@ anyway (I'm thinking the detailed hashing of fixes would happen on the latter list). Regarding [EMAIL PROTECTED] - I think that all who play the role of release manager should be on the list ( i.e. Remy, Larry, Mladen, Henri). It seems to be open for a limited number of 'liasons' ( I hope it is more than one, as we have several major components ). My preference is that any tomcat commiter who is interested to be able to get this info and discuss ( and hopefully fix ) tomcat security issues. I hope that whoever gets the security messages will fix them or forward them to tomcat-commiters - but that's of course his choice. If the apache list is open to any commiter - I'll certainly subscribe ( and I hope most active tomcat commiters will do the same ! ), but that doesn't remove the need for a private list for tomcat commiters. Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: [VOTE] tomcat-commiters list
Jason Corley wrote: Though I'm not a committer and thus can't vote I think a legitimate concern created by a list like this would be that the real bulk of threads that should occur on the tomcat developer list might migrate into this closed list and away from the more public view. Just a thought to consider. Sorry I didn't made this more clear. The tomcat-dev mailing list is and remains the place where all development issues are discussed. I think there are plenty of tomcat commiters who wouldn't allow such thing to happen. -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
On Monday, October 14, 2002, at 01:40 PM, Costin Manolache wrote: Chuck Murcko wrote: There's currently a call for project committers to be on the [EMAIL PROTECTED] list. This list intends to be the clearinghouse for all ASF project related security issues, not just httpd. Costin, Craig, et al.: the deal seems to be that each major project version have someone who's a committer subscribed as a project liason. So it might make sense if you both signed up, or if other committers wanted to step forward...I would leave that to you all to figure out. Not to short-circuit a Tomcat committers list, because there may well be issues other than security to deal with, and it would make sense to have information flow between security@ and a proposed tomcat-committers@ anyway (I'm thinking the detailed hashing of fixes would happen on the latter list). Regarding [EMAIL PROTECTED] - I think that all who play the role of release manager should be on the list ( i.e. Remy, Larry, Mladen, Henri). It seems to be open for a limited number of 'liasons' ( I hope it is more than one, as we have several major components ). My preference is that any tomcat commiter who is interested to be able to get this info and discuss ( and hopefully fix ) tomcat security issues. I hope that whoever gets the security messages will fix them or forward them to tomcat-commiters - but that's of course his choice. If the apache list is open to any commiter - I'll certainly subscribe ( and I hope most active tomcat commiters will do the same ! ), but that doesn't remove the need for a private list for tomcat commiters. Yes, the security list is open to all committers, and it is not a 1:1 mapping of projects to committers/subscribers. Definitely all the RMs should be on it, as well as interested committers from each project/major component. I should have said at least one somewhere before, especially if a fix needs to get rolled out quickly and precisely. As for other issues needing a private and local (to Tomcat) list, I must leave that to you all to decide. After thinking about it a bit more MHO is that a separate committers list really sounds equivalent to having committer participation on the PMC list for jakarta, if that is possible. Chuck -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
On Tue, 2002-10-15 at 03:24, Costin Manolache wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [X] I agree with the proposal [ ] I don't agree with the proposal -- Costin -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: [VOTE] tomcat-commiters list
Costin Manolache wrote: I would like to propose a new mailing list. The list will be closed to commiters only. The main purpose will be discussions of security and other special issues. This should avoid [Cc] threads. The main target should be active commiters - so it should start empty. This is a majority vote. [X] I agree with the proposal [ ] I don't agree with the proposal -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]