+1 Thanks Sharan
On 24/07/16 14:32, Jacopo Cappellato wrote:
Rationale: every ASF project needs a private list to discuss product vulnerabilities; for OFBiz the "private" list has been used for this purpose until now; however an ad-hoc list may be useful because it could provide a more focused space to discuss the security issues and could provide more flexibility to invite in the private list persons willing to help that are trusted by the PMC. Please vote, +1 to create a "security" list (i.e. secur...@ofbiz.apache.org) and move all the security related discussions and notifications currently happening on the private list to this new list: according to the ASF policies [*] the list will be a private list used by the persons willing to help to resolve security issues; the list of subscribers will be approved by the OFBiz PMC. Otherwise vote -1 to continue to use the "private" mailing list for vulnerability handling. [*] http://www.apache.org/security/