+1 Le 17 déc. 2017 12:14, "Mark Thomas" <ma...@apache.org> a écrit :
> On 15/12/2017 11:13, Jochen Wiedmann wrote: > > Hi, > > > > over the last months we have definitely seen our share of security > > related issues. However, I also noticed that we had a tendency to > > loose these threads in the overall noise, resulting in mails like "Did > > anyone reply to the reporter?" > > > > No, according to Linus Torvalds, that is perfectly fine, because a > > security issue is "just another bug". However, I am not Linus, and > > would like to see these things in a better state. > > > > As a consequence, I'd like to question how others are handling this. > > Could we have a mailing list, like secur...@commons.apache.org, > > preferrably with subscription limited to private@ members, and > > secur...@apache.org subscribed automatically. (In theory, we could > > subscribe selected committers, too.) > > +1 > > Works for me. > > Mark > > > > > At the very least, this would allow us to create a filter for security > > related messages, thereby concentrate our attention. > > > > Jochen > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >
