Hi, over the last months we have definitely seen our share of security-related issues. However, I also noticed that we had a tendency to lose these threads in the overall noise, resulting in mails like "Did anyone reply to the reporter?"
No, according to Linus Torvalds, that is perfectly fine, because a security issue is "just another bug". However, I am not Linus, and would like to see these things in a better state. As a consequence, I'd like to question how others are handling this.

Could we have a mailing list, like secur...@commons.apache.org, preferably with subscription limited to private@ members, and secur...@apache.org subscribed automatically? (In theory, we could subscribe selected committers, too.) At the very least, this would allow us to create a filter for security-related messages, thereby concentrating our attention.

Jochen

--
The next time you hear: "Don't reinvent the wheel!"
http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg