Hello Zayyad, Thank you for the excellent question.
The security list is a list that only committers and PMC members can view. But anyone can send emails to it. The security list can be used to report security vulnerabilities. It can also be used to handle responses to those vulnerabilities. If you are wondering how security vulnerabilities are handled at Apache, this is an excellent guide: https://www.apache.org/security/committers.html When we started a security list it was to replace the use of the private list for planning security responses. One potential advantage to this change is that committers can participate, whereas only PMC members can participate on private. By creating the security list, we offered all of our committers a promotion. : o) Best Regards, Myrle On Wed, Dec 5, 2018 at 11:54 AM Zayyad A. Said < zay...@intrasofttechnologies.com> wrote: > Dear Myrle, > > Was the list created to serve a special purpose other than what the dev > list serves? > > It's critical to understand the purpose of the list before one subscribes > to it. > > Kindly enlighten us. > > Regards, > > Zayyad A. Said > On Wed, Dec 5, 2018, 13:16 Myrle Krantz <my...@apache.org> wrote: > >> Current subscribees are: >> >> * me >> * Ed >> * Vishwas >> >> Thank you Ed and Vishwas for sharing responsibility for this critical >> aspect of our project. >> >> Potential subscribees are anyone who has a committership or is on the PMC >> of Fineract. >> >> If you wish to subscribe please write an email to >> security-subscr...@fineract.apache.org. If you have any difficulties, >> please write an email to dev@fineract.apache.org to let us know. >> >> Unless people start subscribing, I will ask INFRA to remove the mailing >> list. With so few people subscribed, the security mailing list cannot >> serve its purpose, and will be more of a problem than a solution. >> >> Best Regards, >> Myrle >> >
