As you know, I am no fan of management tasks. If you have time for this it would be great if you could set it up. Otherwise I will try to do it over the next weekend. A new mailing list would be one way to go, the other possibility is to register the core module maintainers (you, Richard, me) for all the core modules there.
> On 15.01.2018 at 02:50, Ivan Vučica <[email protected]> wrote:
>
> I don't recall it, but it seems like a good idea.
>
> I don't have a preference. Perhaps particular project's maintainer? Or
> perhaps we can (instead of a single person) have a closed-off security
> discussion list, with a limited number of invite-only participants?
> Can we do that on gnu.org?
>
> Do you feel like setting this up?
>
> On Sun, Jan 14, 2018 at 6:54 PM, Fred Kiefer <[email protected]> wrote:
>> I remember we talked about this before, maybe at the Dublin meeting. There
>> is the option to set up GNUstep on scan.coverity.com to have the code
>> automatically checked for known vulnerabilities. At the time we did discuss
>> this there wasn’t support for Objective-C but this seems to have been added:
>>
>> https://www.synopsys.com/content/dam/synopsys/sig-assets/datasheets/CWE-CC-Objective-C.pdf
>>
>> What are your opinions on this? In the beginning it will require some extra
>> effort to fix the found weaknesses and somehow to flag the false positives.
>> And who should be in charge of getting the reports? The idea here is that
>> only the person registered for the project will get the report to prevent
>> 0-day issues becoming public too soon.
>>
>> Fred
_______________________________________________
Gnustep-dev mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/gnustep-dev
