While not eligible to vote I'd like to give my thumbs-up for this proposal.
I think it is a step forward in taking more control of vulnerability reports. There will unfortunately always be people not following best/responsible practices because they are not interested in fixing the problem but rather to have a CVE out there with their name on it.
Mark _______________________________________________ Geoserver-devel mailing list Geoserver-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-devel
