+0 or +1. Seems ok. > On Dec 17, 2017, at 7:21 AM, Jacques Le Roux <jacques.le.r...@les7arts.com> > wrote: > > +1 > > Jacques > > >> Le 17/12/2017 à 12:22, Romain Manni-Bucau a écrit : >> +1 >> >> Le 17 déc. 2017 12:14, "Mark Thomas" <ma...@apache.org> a écrit : >> >>> On 15/12/2017 11:13, Jochen Wiedmann wrote: >>>> Hi, >>>> >>>> over the last months we have definitely seen our share of security >>>> related issues. However, I also noticed that we had a tendency to >>>> loose these threads in the overall noise, resulting in mails like "Did >>>> anyone reply to the reporter?" >>>> >>>> No, according to Linus Torvalds, that is perfectly fine, because a >>>> security issue is "just another bug". However, I am not Linus, and >>>> would like to see these things in a better state. >>>> >>>> As a consequence, I'd like to question how others are handling this. >>>> Could we have a mailing list, like secur...@commons.apache.org, >>>> preferrably with subscription limited to private@ members, and >>>> secur...@apache.org subscribed automatically. (In theory, we could >>>> subscribe selected committers, too.) >>> +1 >>> >>> Works for me. >>> >>> Mark >>> >>>> At the very least, this would allow us to create a filter for security >>>> related messages, thereby concentrate our attention. >>>> >>>> Jochen >>>> >>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org >>> For additional commands, e-mail: dev-h...@commons.apache.org >>> >>> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org >
--------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
