It is already slow enough... I submitted a vulnerability which I think at least can be 7 points, to an apache project (not this one) the day before yesterday.
And they have not finished the investigation yet...two days already... And considering this is in vocation, it is normal to assume the actions will be slower when it is in work-days. I know nearly everybody here is a volunteer, myself also be. I'm not complaining what, but I just wanna say, things in apache are already slow, maybe too slow for solving some emergency vulnerability. And now we would add another 72-hour voting procedure... Xeno Amess <xenoam...@gmail.com> 于2022年1月3日周一 23:39写道: > +0 > > I just worried several things. > > 1. Will it make the cve's fix come out more slowly? > A vote means waiting for 72 hours usually. > > 2. Do all PMC who enter the vote always have enough ability and knowledge > for notifying how severe a vulnerability? Some vulnerabilities are, seems > small problem, nothing at all, but would actually do very much damage. > > > Carter Kozak <cko...@ckozak.net> 于2022年1月3日周一 22:53写道: > >> +1 >> >> -ck >> >> > On Jan 3, 2022, at 6:59 AM, Volkan Yazıcı <vol...@yazi.ci> wrote: >> > >> > Hello, >> > >> > As discussed earlier[1], this is a vote to introduce the process that >> > enforces CVE submissions and their content should be first subject to >> > voting using the (private) `secur...@logging.apache.org` mailing list. >> > >> > [] +1, accept the process >> > [] -1, object to the process because... >> > >> > The vote will remain open for 72 hours (or more if required). All >> > votes are welcome and we encourage everyone to participate, but only >> > Logging PMC votes are “officially” counted. As always, at least 3 +1 >> > votes and more positive than negative votes are required. >> > >> > Kind regards. >> > >> > [1] https://lists.apache.org/thread/qd7mr5pt9kby3lkz4j49304tkqgm9yhl >> >>
