Related to recent discussion about various CVEs filed against Jackson (and fixed, released), I think there is need for specific forum for discussing security issues related to Jackson. Since existing mailing groups are fully archived and open to anyone (although I do have moderation rights to prevent outright spamming), and since these discussions can be quite specific, it seems like there is need for separate group or list or something.
At the same time, I don't want to: 1. Further fragment discussions, or 2. Have yet another place where I post majority of responses and comments So I thought I should gauge if there is actual interest in having a discussion forum that would be dedicated for things like - Asking questions about potential security problems, handling of security-sensitive aspects - Initial reports, suggestions of possible issues, without publishing potentially sensitive information - Coordination of work like fixes (how, who, when), as well as publishing of artifacts and information, and perhaps on how to file, update CVE information Now: although you are free to respond here, I think most useful for me would be off-the-list emails to `tatu` (or `info`) at fasterxml dot com, indicating your interest and ideally also project(s) you are involved in (or company you work for), relevant for Jackson security work. This mostly because I would be interested in knowing which frameworks / companies see this as an important area of work, and to see how wide coverage we might get (I have some numbers to suggest how Jackson is used, via platforms). I am also open to suggestions for different kinds of forums, with just one limitation: I am looking for asynchronous communication, not an interactive chat room (or similar), for this particular purpose. -+ Tatu +- -- You received this message because you are subscribed to the Google Groups "jackson-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
