On May 31, 2010, at 5:02 PM, Alex Busenius wrote: > Hello, > > > The new mailing list [email protected] was created. All core commiters > will be on this list. > > This is *not* an announcement list, it is meant for technical > discussions about security issues. However, everyone can write to this > mailing list, e.g. to report security issues (mails will be reviewed by > the administrator first). > > If somebody else is interested in contributing to discussions on that > list, he or she should write a mail on the dev-list asking for access. > If the commiters agree (meaning that nobody is -1 on it, similar to a > proposal) this person will get access.
We also need to define who can get access. IMO: - persons who have submitted security issues in jira - persons who've submitted security patches - persons who have been contributing to xwiki for a long time WDYT? Thanks -Vincent > Alex > > > On 05/26/2010 01:02 PM, Alex Busenius wrote: >> Hello devs, >> >> >> I propose to introduce a security mailing list ([email protected]) to >> discuss details of security issues. >> >> This list should be private, with only committers and trusted >> contributors having read and write access. Anyone who proved his good >> intentions on the dev-list and bug tracker should be able to get access >> to security-list through the usual vote procedure. >> >> The purpose of this list is to give a safe place to discuss details open >> security issues without giving all script kiddies in the world examples >> to write exploits. The discussions should be kept on this private list >> until the corresponding fix is released. >> >> WDYT? >> >> >> Alex _______________________________________________ devs mailing list [email protected] http://lists.xwiki.org/mailman/listinfo/devs
