Re: Request: New Mailing List for Security-oriented community
Hi root4dm; you can get a subscribe link and see the archives here https://lists.apache.org/list.html?security-disc...@community.apache.org Note we've only mentioned the list in the ApacheCon presentation and we're waiting for that presentation to be archived public before mentioning this list to the wider ASF community via the members list. Regards, Mark J Cox ASF Security On Mon, Sep 27, 2021 at 11:31 AM r00t4dm wrote: > Hi, > > I want to know, How to subscribe to this mail list. > > r00t4dm > > Cloud-Penetrating Arrow Lab of Meituan Corp Information Security Department > > > Bertrand Delacretaz 于2021年9月27日周一 下午4:27写道: > > > Hi, > > > > On Mon, Sep 20, 2021 at 8:27 AM Mark J. Cox wrote: > > > ...I still like this living in the community project though, because > the > > likely outcome > > > of the discussion are collation of resources and practices and the > right > > place for them is in comdev... > > > > Same here, and a Special Interest Group homepage might be good as > > well, see > > > https://wiki.apache.org/confluence/display/COMDEV/Special+Interests+Groups+hosted+by+the+comdev+PMC > > > > Those haven't happened so far due to lack of concrete interest, but > > making them happen is easy. > > > > -Bertrand > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > >
Re: Request: New Mailing List for Security-oriented community
Vào 17:31, Th 2, 27 thg 9, 2021 r00t4dm Hi, > > I want to know, How to subscribe to this mail list. > > r00t4dm > > Cloud-Penetrating Arrow Lab of Meituan Corp Information Security Department > > > Bertrand Delacretaz 于2021年9月27日周一 下午4:27写道: > > > Hi, > > > > On Mon, Sep 20, 2021 at 8:27 AM Mark J. Cox wrote: > > > ...I still like this living in the community project though, because > the > > likely outcome > > > of the discussion are collation of resources and practices and the > right > > place for them is in comdev... > > > > Same here, and a Special Interest Group homepage might be good as > > well, see > > > https://wiki.apache.org/confluence/display/COMDEV/Special+Interests+Groups+hosted+by+the+comdev+PMC > > > > Those haven't happened so far due to lack of concrete interest, but > > making them happen is easy. > > > > -Bertrand > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > >
Re: Request: New Mailing List for Security-oriented community
Hi, On Mon, Sep 20, 2021 at 8:27 AM Mark J. Cox wrote: > ...I still like this living in the community project though, because the > likely outcome > of the discussion are collation of resources and practices and the right > place for them is in comdev... Same here, and a Special Interest Group homepage might be good as well, see https://wiki.apache.org/confluence/display/COMDEV/Special+Interests+Groups+hosted+by+the+comdev+PMC Those haven't happened so far due to lack of concrete interest, but making them happen is easy. -Bertrand - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Request: New Mailing List for Security-oriented community
Thanks, would someone in community PMC be able to submit the request to create the list? https://selfserve.apache.org/mail.html (subscribers to post, otherwise moderated), Regards, Mark On Mon, Sep 20, 2021 at 6:24 PM Craig Russell wrote: > +1 for security-disc...@community.apache.org > > Craig > > > On Sep 19, 2021, at 11:27 PM, Mark J. Cox wrote: > > > > On 2021/09/19 21:44:34, Dave Fisher wrote: > >> This is a good idea. Assuming that this is a public list then either > pick another name, or do not use self serve to request it, instead use an > INFRA JIRA ticket. > >> > >> Security@ lists requested through self serve become private mailing > lists with emails mirrored on secur...@apache.org. > > > > That's a great point, the "security@*" prefix has a special meaning, > and "secure-development" or "secdev" limits the scope. "security-discuss@" > was mentioned as an alternative, and that would match the way we have a > "legal-discuss@". > > > > I still like this living in the community project though, because the > likely outcome of the discussion are collation of resources and practices > and the right place for them is in comdev. > > > > So how does security-disc...@community.apache.org sound? > > > > Cheers, Mark > > > > - > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > Craig L Russell > c...@apache.org > > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > >
Re: Request: New Mailing List for Security-oriented community
+1 for security-disc...@community.apache.org Craig > On Sep 19, 2021, at 11:27 PM, Mark J. Cox wrote: > > On 2021/09/19 21:44:34, Dave Fisher wrote: >> This is a good idea. Assuming that this is a public list then either pick >> another name, or do not use self serve to request it, instead use an INFRA >> JIRA ticket. >> >> Security@ lists requested through self serve become private mailing lists >> with emails mirrored on secur...@apache.org. > > That's a great point, the "security@*" prefix has a special meaning, and > "secure-development" or "secdev" limits the scope. "security-discuss@" was > mentioned as an alternative, and that would match the way we have a > "legal-discuss@". > > I still like this living in the community project though, because the likely > outcome of the discussion are collation of resources and practices and the > right place for them is in comdev. > > So how does security-disc...@community.apache.org sound? > > Cheers, Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > Craig L Russell c...@apache.org - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Request: New Mailing List for Security-oriented community
I like the idea of security-discuss. Helps highlight that it's not the list to report vulnerabilities to unlike seclists or security@ addresses. On Mon, Sep 20, 2021 at 1:27 AM Mark J. Cox wrote: > > On 2021/09/19 21:44:34, Dave Fisher wrote: > > This is a good idea. Assuming that this is a public list then either pick > > another name, or do not use self serve to request it, instead use an INFRA > > JIRA ticket. > > > > Security@ lists requested through self serve become private mailing lists > > with emails mirrored on secur...@apache.org. > > That's a great point, the "security@*" prefix has a special meaning, and > "secure-development" or "secdev" limits the scope. "security-discuss@" was > mentioned as an alternative, and that would match the way we have a > "legal-discuss@". > > I still like this living in the community project though, because the likely > outcome of the discussion are collation of resources and practices and the > right place for them is in comdev. > > So how does security-disc...@community.apache.org sound? > > Cheers, Mark > > - > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > For additional commands, e-mail: dev-h...@community.apache.org > - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Request: New Mailing List for Security-oriented community
On 2021/09/19 21:44:34, Dave Fisher wrote: > This is a good idea. Assuming that this is a public list then either pick > another name, or do not use self serve to request it, instead use an INFRA > JIRA ticket. > > Security@ lists requested through self serve become private mailing lists > with emails mirrored on secur...@apache.org. That's a great point, the "security@*" prefix has a special meaning, and "secure-development" or "secdev" limits the scope. "security-discuss@" was mentioned as an alternative, and that would match the way we have a "legal-discuss@". I still like this living in the community project though, because the likely outcome of the discussion are collation of resources and practices and the right place for them is in comdev. So how does security-disc...@community.apache.org sound? Cheers, Mark - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Request: New Mailing List for Security-oriented community
This is a good idea. Assuming that this is a public list then either pick another name, or do not use self serve to request it, instead use an INFRA JIRA ticket. Security@ lists requested through self serve become private mailing lists with emails mirrored on secur...@apache.org. Sent from my iPhone > On Sep 19, 2021, at 1:01 PM, Brian Proffitt wrote: > > As efforts like the Open Source Security Foundation gain traction in the > FLOSS ecosystem, the ASF has a unique opportunity to provide guidance to > its projects on the topic of security best practices. To facilitate an open > and collaborative process, the group would like to request the > configuration of a new mailing list, secur...@community.apache.org. > > The new list will enable interested participants and members of the ASF > share best practices and build a collaborative community around infosec > that ultimately should create a more security development environment for > Apache projects. > > If at all possible, I would like to request approval for this new list > as soon as possible. Mark would like to reference this week in his > ApacheCon keynote, and due to personal travel, I was a bit negligent in > getting this request out in a timely manner. This is my fault, and I > apologize for the rush request. > > Thanks, > Brian > > -- > Brian Proffitt > Member, Apache Community Development PMC > Red Hat Open Source Program Office - To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
Re: Request: New Mailing List for Security-oriented community
+1 On Sun, Sep 19, 2021 at 10:01 PM Brian Proffitt wrote: > As efforts like the Open Source Security Foundation gain traction in the > FLOSS ecosystem, the ASF has a unique opportunity to provide guidance to > its projects on the topic of security best practices. To facilitate an open > and collaborative process, the group would like to request the > configuration of a new mailing list, secur...@community.apache.org. > > The new list will enable interested participants and members of the ASF > share best practices and build a collaborative community around infosec > that ultimately should create a more security development environment for > Apache projects. > > If at all possible, I would like to request approval for this new list > as soon as possible. Mark would like to reference this week in his > ApacheCon keynote, and due to personal travel, I was a bit negligent in > getting this request out in a timely manner. This is my fault, and I > apologize for the rush request. > > Thanks, > Brian > > -- > Brian Proffitt > Member, Apache Community Development PMC > Red Hat Open Source Program Office >
Request: New Mailing List for Security-oriented community
As efforts like the Open Source Security Foundation gain traction in the FLOSS ecosystem, the ASF has a unique opportunity to provide guidance to its projects on the topic of security best practices. To facilitate an open and collaborative process, the group would like to request the configuration of a new mailing list, secur...@community.apache.org. The new list will enable interested participants and members of the ASF share best practices and build a collaborative community around infosec that ultimately should create a more security development environment for Apache projects. If at all possible, I would like to request approval for this new list as soon as possible. Mark would like to reference this week in his ApacheCon keynote, and due to personal travel, I was a bit negligent in getting this request out in a timely manner. This is my fault, and I apologize for the rush request. Thanks, Brian -- Brian Proffitt Member, Apache Community Development PMC Red Hat Open Source Program Office
