I there a requirement to double post to s@a.o? If not switching from s@a.o to s@c.a.o seems ok.
Gary On Dec 17, 2017 03:31, "Jochen Wiedmann" <jochen.wiedm...@gmail.com> wrote: > I think, that the topic would deserve a few more replies. > > Jochen > > > On Fri, Dec 15, 2017 at 6:07 PM, sebb <seb...@gmail.com> wrote: > > On 15 December 2017 at 16:12, Matt Sicker <boa...@gmail.com> wrote: > >> There certainly are several ASF projects that have dedicated security@ > >> mailing lists (e.g., Tomcat has one). Would bug reporters still just > email > >> secur...@apache.org and then security@ would forward to the appropriate > >> commons list? > > > > Either. > > > > If they mail security@a.o then they will forward to security@commons > > > > If they mail security@commons, then security@a.o is automatically > copied. > > > >> On 15 December 2017 at 08:03, Gilles <gil...@harfang.homelinux.org> > wrote: > >> > >>> On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: > >>> > >>>> Hi, > >>>> > >>>> over the last months we have definitely seen our share of security > >>>> related issues. However, I also noticed that we had a tendency to > >>>> loose these threads in the overall noise, resulting in mails like "Did > >>>> anyone reply to the reporter?" > >>>> > >>>> No, according to Linus Torvalds, that is perfectly fine, because a > >>>> security issue is "just another bug". However, I am not Linus, and > >>>> would like to see these things in a better state. > >>>> > >>>> As a consequence, I'd like to question how others are handling this. > >>>> Could we have a mailing list, like secur...@commons.apache.org, > >>>> > >>> > >>> +1 > >>> > >>> Gilles > >>> > >>> preferrably with subscription limited to private@ members, and > >>>> secur...@apache.org subscribed automatically. (In theory, we could > >>>> subscribe selected committers, too.) > >>>> > >>>> At the very least, this would allow us to create a filter for security > >>>> related messages, thereby concentrate our attention. > >>>> > >>>> Jochen > >>>> > >>> > >>> > >>> --------------------------------------------------------------------- > >>> To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > >>> For additional commands, e-mail: dev-h...@commons.apache.org > >>> > >>> > >> > >> > >> -- > >> Matt Sicker <boa...@gmail.com> > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > > For additional commands, e-mail: dev-h...@commons.apache.org > > > > > > -- > The next time you hear: "Don't reinvent the wheel!" > > http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/ > evolution-of-the-wheel-300x85.jpg > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >