Done. On Thu, Jun 9, 2016 at 8:01 AM, Casey Stella <ceste...@gmail.com> wrote:
> So, evidently this is something only mentors or people from the Incubator > PMC can do. > Will one of the mentors please request this for us @ > https://infra.apache.org/officers/mlreq/incubator > ? > > Thanks, > > Casey > > On Thu, Jun 9, 2016 at 10:35 AM, Casey Stella <ceste...@gmail.com> wrote: > > > I filed a infra ticket for this: > > https://issues.apache.org/jira/browse/INFRA-12071 > > > > > > On Thu, Jun 9, 2016 at 9:43 AM, Michael Miklavcic < > > michael.miklav...@gmail.com> wrote: > > > >> Hi all, > >> > >> Motion to create a secur...@metron.incubator.apache.org mailing list ( > >> http://apache.org/dev/committers.html#mail) > >> > >> Best, > >> Michael Miklavcic > >> > >> > >> On Thu, Jun 2, 2016 at 1:30 PM, Owen O'Malley <omal...@apache.org> > wrote: > >> > >> > I'd also recommend that you create a > >> secur...@metron.incubator.apache.org > >> > for users to report any security issues they discover. > >> > > >> > .. Owen > >> > > >> > On Thu, Jun 2, 2016 at 10:28 AM, Casey Stella <ceste...@gmail.com> > >> wrote: > >> > > >> > > Sorry, it's deleted now. We will be more careful in the future. > >> > > > >> > > Thanks for the vigilance, Larry. > >> > > > >> > > Casey > >> > > > >> > > On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <lmc...@apache.org> > >> wrote: > >> > > > >> > > > All - > >> > > > > >> > > > Please become familiar with of the Apache process for reporting, > >> > > > discussing, filing JIRAs and fixing security vulnerabilities [1]. > >> > > > > >> > > > METRON-198 has exposed more than we should in a public manner and > >> the > >> > > > attached report should be removed. > >> > > > > >> > > > Details of any particular issues should only be discussed on a > >> > project's > >> > > > security or private list and it needs to also include the > >> security@a.o > >> > > > list. > >> > > > > >> > > > Fixes need to be discussed and agreed upon on the private list and > >> > JIRAs > >> > > > filed to commit the fix should be vague and as general as possible > >> - so > >> > > as > >> > > > not to disclose the details of the vulnerabilities and inform the > >> > > > development of exploits. > >> > > > > >> > > > Also, pay attention to the CVE related aspects of the process in > the > >> > page > >> > > > referenced below. > >> > > > > >> > > > thanks, > >> > > > > >> > > > --larry > >> > > > > >> > > > 1. http://www.apache.org/security/committers.html > >> > > > > >> > > > >> > > >> > > > > >
