On 18 December 2017 at 05:11, Stefan Bodewig <bode...@apache.org> wrote: > Hi > > first of all I'm +0. > > On 2017-12-15, Jochen Wiedmann wrote: > >> As a consequence, I'd like to question how others are handling this. >> Could we have a mailing list, like secur...@commons.apache.org, >> preferrably with subscription limited to private@ members, and >> secur...@apache.org subscribed automatically. (In theory, we could >> subscribe selected committers, too.) > > My guess is we won't get people subscribed who are familiar enough with > the code for every component. In the end the subscribers of the security > list will need to reach out to the private list to deal with the issues > so I'm not sure the new list would be helping much. But I won't stand in > the way.
Even if (nearly) everyone on the PMC ends up being subscribed to the security list, IMO it should still help to keep track of issues. We cannot use standard JIRA or Bugzilla because they are public. So +1 from me. > Stefan > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org For additional commands, e-mail: dev-h...@commons.apache.org
