I think that the topic would deserve a few more replies.

Jochen

On Fri, Dec 15, 2017 at 6:07 PM, sebb <seb...@gmail.com> wrote:
> On 15 December 2017 at 16:12, Matt Sicker <boa...@gmail.com> wrote:
>> There certainly are several ASF projects that have dedicated security@
>> mailing lists (e.g., Tomcat has one). Would bug reporters still just email
>> secur...@apache.org and then security@ would forward to the appropriate
>> commons list?
>
> Either.
>
> If they mail security@a.o then they will forward to security@commons
>
> If they mail security@commons, then security@a.o is automatically copied.
>
>> On 15 December 2017 at 08:03, Gilles <gil...@harfang.homelinux.org> wrote:
>>
>>> On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote:
>>>
>>>> Hi,
>>>>
>>>> over the last months we have definitely seen our share of security
>>>> related issues. However, I also noticed that we had a tendency to
>>>> lose these threads in the overall noise, resulting in mails like "Did
>>>> anyone reply to the reporter?"
>>>>
>>>> No, according to Linus Torvalds, that is perfectly fine, because a
>>>> security issue is "just another bug". However, I am not Linus, and
>>>> would like to see these things in a better state.
>>>>
>>>> As a consequence, I'd like to question how others are handling this.
>>>> Could we have a mailing list, like secur...@commons.apache.org,
>>>>
>>>
>>> +1
>>>
>>> Gilles
>>>
>>> preferably with subscription limited to private@ members, and
>>>> secur...@apache.org subscribed automatically. (In theory, we could
>>>> subscribe selected committers, too.)
>>>>
>>>> At the very least, this would allow us to create a filter for security
>>>> related messages, thereby concentrating our attention.
>>>>
>>>> Jochen
>>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org
>>> For additional commands, e-mail: dev-h...@commons.apache.org
>>>
>>
>> --
>> Matt Sicker <boa...@gmail.com>

--
The next time you hear: "Don't reinvent the wheel!"
http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/evolution-of-the-wheel-300x85.jpg