Done.

On Thu, Jun 9, 2016 at 8:01 AM, Casey Stella <ceste...@gmail.com> wrote:

> So, evidently this is something only mentors or people from the Incubator
> PMC can do.
> Will one of the mentors please request this for us @
> https://infra.apache.org/officers/mlreq/incubator
> ?
>
> Thanks,
>
> Casey
>
> On Thu, Jun 9, 2016 at 10:35 AM, Casey Stella <ceste...@gmail.com> wrote:
>
> > I filed a infra ticket for this:
> > https://issues.apache.org/jira/browse/INFRA-12071
> >
> >
> > On Thu, Jun 9, 2016 at 9:43 AM, Michael Miklavcic <
> > michael.miklav...@gmail.com> wrote:
> >
> >> Hi all,
> >>
> >> Motion to create a secur...@metron.incubator.apache.org mailing list (
> >> http://apache.org/dev/committers.html#mail)
> >>
> >> Best,
> >> Michael Miklavcic
> >>
> >>
> >> On Thu, Jun 2, 2016 at 1:30 PM, Owen O'Malley <omal...@apache.org>
> wrote:
> >>
> >> > I'd also recommend that you create a
> >> secur...@metron.incubator.apache.org
> >> > for users to report any security issues they discover.
> >> >
> >> > .. Owen
> >> >
> >> > On Thu, Jun 2, 2016 at 10:28 AM, Casey Stella <ceste...@gmail.com>
> >> wrote:
> >> >
> >> > > Sorry, it's deleted now.  We will be more careful in the future.
> >> > >
> >> > > Thanks for the vigilance, Larry.
> >> > >
> >> > > Casey
> >> > >
> >> > > On Thu, Jun 2, 2016 at 1:24 PM, larry mccay <lmc...@apache.org>
> >> wrote:
> >> > >
> >> > > > All -
> >> > > >
> >> > > > Please become familiar with of the Apache process for reporting,
> >> > > > discussing, filing JIRAs and fixing security vulnerabilities [1].
> >> > > >
> >> > > > METRON-198 has exposed more than we should in a public manner and
> >> the
> >> > > > attached report should be removed.
> >> > > >
> >> > > > Details of any particular issues should only be discussed on a
> >> > project's
> >> > > > security or private list and it needs to also include the
> >> security@a.o
> >> > > > list.
> >> > > >
> >> > > > Fixes need to be discussed and agreed upon on the private list and
> >> > JIRAs
> >> > > > filed to commit the fix should be vague and as general as possible
> >> - so
> >> > > as
> >> > > > not to disclose the details of the vulnerabilities and inform the
> >> > > > development of exploits.
> >> > > >
> >> > > > Also, pay attention to the CVE related aspects of the process in
> the
> >> > page
> >> > > > referenced below.
> >> > > >
> >> > > > thanks,
> >> > > >
> >> > > > --larry
> >> > > >
> >> > > > 1. http://www.apache.org/security/committers.html
> >> > > >
> >> > >
> >> >
> >>
> >
> >
>

Reply via email to