Re: Security mailing list

2017-12-20 Thread sebb
Anyone want to find/update the website references? On 20 December 2017 at 14:13, sebb wrote: > BTW it's all set up now. > > On 19 December 2017 at 20:24, Jochen Wiedmann > wrote: >> On Tue, Dec 19, 2017 at 6:47 PM, Gary Gregory

Re: Security mailing list

2017-12-20 Thread sebb
BTW it's all set up now. On 19 December 2017 at 20:24, Jochen Wiedmann wrote: > On Tue, Dec 19, 2017 at 6:47 PM, Gary Gregory wrote: >> Request submitted! > > Thanks a lot! > > -- > The next time you hear: "Don't reinvent the wheel!" > >

Re: Security mailing list

2017-12-19 Thread Jochen Wiedmann
On Tue, Dec 19, 2017 at 6:47 PM, Gary Gregory wrote: > Request submitted! Thanks a lot! -- The next time you hear: "Don't reinvent the wheel!" http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg

Re: Security mailing list

2017-12-19 Thread Gary Gregory
Request submitted! Gary On Tue, Dec 19, 2017 at 10:09 AM, Jochen Wiedmann wrote: > On Tue, Dec 19, 2017 at 5:22 PM, sebb wrote: > > > selfserve.apache.org > > > Access restricted to PMC chairs only! > > So, it looks like a task for Gary? > >

Re: Security mailing list

2017-12-19 Thread Jochen Wiedmann
On Tue, Dec 19, 2017 at 5:22 PM, sebb wrote: > selfserve.apache.org Access restricted to PMC chairs only! So, it looks like a task for Gary? Jochen -- The next time you hear: "Don't reinvent the wheel!"

Re: Security mailing list

2017-12-19 Thread sebb
selfserve.apache.org On 19 December 2017 at 13:58, Jochen Wiedmann wrote: > On Tue, Dec 19, 2017 at 2:05 PM, Mark Thomas wrote: > >> Jira not required. Use the standard mailing list request form. If you >> request a security@ list the extra

Re: Security mailing list

2017-12-19 Thread Jochen Wiedmann
On Tue, Dec 19, 2017 at 2:05 PM, Mark Thomas wrote: > Jira not required. Use the standard mailing list request form. If you request > a security@ list the extra stuff (make it private, cc security@a.o on all > mail) happens automatically. Thanks, Mark! But what is the

Re: Security mailing list

2017-12-19 Thread Mark Thomas
On 19 December 2017 11:37:48 GMT+00:00, Jochen Wiedmann wrote: >Okay, in my opinion the response indicates that my proposal is >acceptable to all. Do we need a formal vote? (I hope not.) So, how do >we proceed? Would it be okay for me to file a Jira issue? > >Thanks,

Re: Security mailing list

2017-12-19 Thread Jochen Wiedmann
Okay, in my opinion the response indicates that my proposal is acceptable to all. Do we need a formal vote? (I hope not.) So, how do we proceed? Would it be okay for me to file a Jira issue? Thanks, Jochen -- The next time you hear: "Don't reinvent the wheel!"

Re: Security mailing list

2017-12-18 Thread sebb
On 18 December 2017 at 05:11, Stefan Bodewig wrote: > Hi > > first of all I'm +0. > > On 2017-12-15, Jochen Wiedmann wrote: > >> As a consequence, I'd like to question how others are handling this. >> Could we have a mailing list, like secur...@commons.apache.org, >>

Re: Security mailing list

2017-12-17 Thread Stefan Bodewig
Hi first of all I'm +0. On 2017-12-15, Jochen Wiedmann wrote: > As a consequence, I'd like to question how others are handling this. > Could we have a mailing list, like secur...@commons.apache.org, > preferably with subscription limited to private@ members, and > secur...@apache.org

Re: Security mailing list

2017-12-17 Thread Jochen Wiedmann
On 2017-12-17 16:07, Gary Gregory wrote: > Is there a requirement to double post to s@a.o? If not switching from s@a.o > to s@c.a.o seems ok. I understand that s@a.o can be subscribed to s@c.a.o, so there would be no need for double posting. [1] Jochen 1:

Re: Security mailing list

2017-12-17 Thread Jochen Wiedmann
On Sun, Dec 17, 2017 at 6:47 PM, Gary Gregory wrote: > If they only post to s@a.o, then they will forward to s@c.a.o > > > Who will do this forwarding? The same persons, or mechanisms, which are forwarding to private@c.a.o now. Jochen -- The next time you hear:

Re: Security mailing list

2017-12-17 Thread Gary Gregory
On Dec 17, 2017 08:39, "sebb" wrote: On 17 December 2017 at 15:07, Gary Gregory wrote: > Is there a requirement to double post to s@a.o? If not switching from s@a.o > to s@c.a.o seems ok. Huh? Not sure where the double post ref comes from. All security

Re: Security mailing list

2017-12-17 Thread sebb
On 17 December 2017 at 15:07, Gary Gregory wrote: > Is there a requirement to double post to s@a.o? If not switching from s@a.o > to s@c.a.o seems ok. Huh? Not sure where the double post ref comes from. All security issues must be copied to s@a.o. This is done

Re: Security mailing list

2017-12-17 Thread Gary Gregory
Is there a requirement to double post to s@a.o? If not switching from s@a.o to s@c.a.o seems ok. Gary On Dec 17, 2017 03:31, "Jochen Wiedmann" wrote: > I think that the topic would deserve a few more replies. > > Jochen > > > On Fri, Dec 15, 2017 at 6:07 PM, sebb

Re: Security mailing list

2017-12-17 Thread Rob Tompkins
+0 or +1. Seems ok. > On Dec 17, 2017, at 7:21 AM, Jacques Le Roux > wrote: > > +1 > > Jacques > > >> On 17/12/2017 at 12:22, Romain Manni-Bucau wrote: >> +1 >> >> On 17 Dec 2017 12:14, "Mark Thomas" wrote: >> >>> On 15/12/2017 11:13,

Re: Security mailing list

2017-12-17 Thread Jacques Le Roux
+1 Jacques On 17/12/2017 at 12:22, Romain Manni-Bucau wrote: +1 On 17 Dec 2017 12:14, "Mark Thomas" wrote: On 15/12/2017 11:13, Jochen Wiedmann wrote: Hi, over the last months we have definitely seen our share of security related issues. However, I also noticed

Re: Security mailing list

2017-12-17 Thread Romain Manni-Bucau
+1 On 17 Dec 2017 12:14, "Mark Thomas" wrote: > On 15/12/2017 11:13, Jochen Wiedmann wrote: > > Hi, > > > > over the last months we have definitely seen our share of security > > related issues. However, I also noticed that we had a tendency to > > lose these threads in

Re: Security mailing list

2017-12-17 Thread Mark Thomas
On 15/12/2017 11:13, Jochen Wiedmann wrote: > Hi, > > over the last months we have definitely seen our share of security > related issues. However, I also noticed that we had a tendency to > lose these threads in the overall noise, resulting in mails like "Did > anyone reply to the reporter?" >

Re: Security mailing list

2017-12-17 Thread Jochen Wiedmann
I think that the topic would deserve a few more replies. Jochen On Fri, Dec 15, 2017 at 6:07 PM, sebb wrote: > On 15 December 2017 at 16:12, Matt Sicker wrote: >> There certainly are several ASF projects that have dedicated security@ >> mailing lists

Re: Security mailing list

2017-12-15 Thread sebb
On 15 December 2017 at 16:12, Matt Sicker wrote: > There certainly are several ASF projects that have dedicated security@ > mailing lists (e.g., Tomcat has one). Would bug reporters still just email > secur...@apache.org and then security@ would forward to the appropriate >

Re: Security mailing list

2017-12-15 Thread Matt Sicker
There certainly are several ASF projects that have dedicated security@ mailing lists (e.g., Tomcat has one). Would bug reporters still just email secur...@apache.org and then security@ would forward to the appropriate commons list? On 15 December 2017 at 08:03, Gilles

Re: [All] Finer-grained MLs (Was: Security mailing list)

2017-12-15 Thread sebb
On 15 December 2017 at 14:08, Gilles wrote: > On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: >> >> [...] >> Could we have a mailing list, like secur...@commons.apache.org, >> [...] > > > I'd like to expand the suggestion: make component-specific MLs for >

[All] Finer-grained MLs (Was: Security mailing list)

2017-12-15 Thread Gilles
On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: [...] Could we have a mailing list, like secur...@commons.apache.org, [...] I'd like to expand the suggestion: make component-specific MLs for automatically generated messages (GitHub, JIRA, Nexus) so that people not actively involved

Re: Security mailing list

2017-12-15 Thread Gilles
On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: Hi, over the last months we have definitely seen our share of security related issues. However, I also noticed that we had a tendency to lose these threads in the overall noise, resulting in mails like "Did anyone reply to the

Security mailing list

2017-12-15 Thread Jochen Wiedmann
Hi, over the last months we have definitely seen our share of security related issues. However, I also noticed that we had a tendency to lose these threads in the overall noise, resulting in mails like "Did anyone reply to the reporter?" No, according to Linus Torvalds, that is perfectly fine,