On 17 December 2017 at 15:07, Gary Gregory <[email protected]> wrote: > I there a requirement to double post to [email protected]? If not switching from [email protected] > to [email protected] seems ok.
Huh? Not sure where the double post ref comes from. All security issues must be copied to [email protected]. This is done automatically if users post to [email protected]. If they only post to [email protected], then they will forward to [email protected] > Gary > > On Dec 17, 2017 03:31, "Jochen Wiedmann" <[email protected]> wrote: > >> I think, that the topic would deserve a few more replies. >> >> Jochen >> >> >> On Fri, Dec 15, 2017 at 6:07 PM, sebb <[email protected]> wrote: >> > On 15 December 2017 at 16:12, Matt Sicker <[email protected]> wrote: >> >> There certainly are several ASF projects that have dedicated security@ >> >> mailing lists (e.g., Tomcat has one). Would bug reporters still just >> email >> >> [email protected] and then security@ would forward to the appropriate >> >> commons list? >> > >> > Either. >> > >> > If they mail [email protected] then they will forward to security@commons >> > >> > If they mail security@commons, then [email protected] is automatically >> copied. >> > >> >> On 15 December 2017 at 08:03, Gilles <[email protected]> >> wrote: >> >> >> >>> On Fri, 15 Dec 2017 12:13:12 +0100, Jochen Wiedmann wrote: >> >>> >> >>>> Hi, >> >>>> >> >>>> over the last months we have definitely seen our share of security >> >>>> related issues. However, I also noticed that we had a tendency to >> >>>> loose these threads in the overall noise, resulting in mails like "Did >> >>>> anyone reply to the reporter?" >> >>>> >> >>>> No, according to Linus Torvalds, that is perfectly fine, because a >> >>>> security issue is "just another bug". However, I am not Linus, and >> >>>> would like to see these things in a better state. >> >>>> >> >>>> As a consequence, I'd like to question how others are handling this. >> >>>> Could we have a mailing list, like [email protected], >> >>>> >> >>> >> >>> +1 >> >>> >> >>> Gilles >> >>> >> >>> preferrably with subscription limited to private@ members, and >> >>>> [email protected] subscribed automatically. (In theory, we could >> >>>> subscribe selected committers, too.) >> >>>> >> >>>> At the very least, this would allow us to create a filter for security >> >>>> related messages, thereby concentrate our attention. >> >>>> >> >>>> Jochen >> >>>> >> >>> >> >>> >> >>> --------------------------------------------------------------------- >> >>> To unsubscribe, e-mail: [email protected] >> >>> For additional commands, e-mail: [email protected] >> >>> >> >>> >> >> >> >> >> >> -- >> >> Matt Sicker <[email protected]> >> > >> > --------------------------------------------------------------------- >> > To unsubscribe, e-mail: [email protected] >> > For additional commands, e-mail: [email protected] >> > >> >> >> >> -- >> The next time you hear: "Don't reinvent the wheel!" >> >> http://www.keystonedevelopment.co.uk/wp-content/uploads/2014/10/ >> evolution-of-the-wheel-300x85.jpg >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [email protected] >> For additional commands, e-mail: [email protected] >> >> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
