Jesse Ruderman wrote:
How about having a sublist to which users can send reports of new security
bugs, so not all members of the list have to recieve all the spam?
.../discussion.
Agreed. [EMAIL PROTECTED] should be reserved for new reports, not
used for long discussion.
Reporters are
Mitchell Stoltz wrote:
Then we'll post a message
on a Known Vulnerabilities page, similar to what other open source
projects maintain. Then, any Mozilla vendor or distributor who wants to
inform their users about the existence of a bug can use the information
from the Mozilla page, but
Mitchell Stoltz wrote:
As module owner, I'd be happy to maintain that page, along with
whoever we pick as peers. As with the rest of this proposal, I expect
that the amount of information disclosed on the public page will be
decided by consensus among the security group on a per-bug
