I'm working on a future post for the AOOo project blog. The topic is generally about security at Apache and the process of responding to reports of security vulnerabilities, best practices, etc.. I'd like to provide information about the "how" but also the "why" about how we do things the way we do.
Mark Thomas, from the Apache Security Team, has consented to let me interview him. I'm planning to base the blog post on an edited transcript of the interview. To make this post as useful as possible, I'm looking for questions from project members and users. If you have any ideas for good questions, please respond to this note, on ooo-dev@incubator.apache.org, I'm hoping to do the interview in one week. Thanks! -Rob