Bill Barker wrote: >> I would like to propose a new mailing list. >> >> The list will be closed to commiters only. The main purpose >> will be discussions of security and other special issues. >> This should avoid [Cc] threads. >> >> The main target should be active commiters - so it should >> start empty. >> >> This is a majority vote. >> >> [ ] I agree with the proposal >> [X] I don't agree with the proposal > > Security holes don't occur often enough to bother with maintaining the > "active committers" list, and there isn't much point in the list > otherwise. Plus, segregating the security concerns simply would make the > mbox archives a must-bookmark for every black-hat. :)
Aparently they do occur more often than we would like. And I've been in at least 4 Cc: chains in the last 2 months. Whoever is in the the apache security list or PMC should forward tomcat security problems to a known address where it can be addressed. It is not only for security - but any issue that we might consider 'private' ( again, it is better than using the Cc: ). -- Costin -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>