10:07:34 AM, Rahkonen Jukka <
>>> jukka.rahko...@maanmittauslaitos.fi> wrote:
>>>
>>>> +1
>>>>
>>>>
>>>>
>>>> -Jukka Rahkonen-
>>>>
>>>>
>>>>
>>>>
ahko...@maanmittauslaitos.fi> wrote:
>>
>>> +1
>>>
>>>
>>>
>>> -Jukka Rahkonen-
>>>
>>>
>>>
>>> *Lähettäjä:* Andrea Aime
>>> *Lähetetty:* lauantai 30. syyskuuta 2023 18.47
>>> *Vastaanotta
dy Garnett
>> *Kopio:* Torben Barsballe ; Geoserver-devel <
>> geoserver-devel@lists.sourceforge.net>; Alessio Fabiani <
>> alessio.fabi...@geosolutionsgroup.com>; Ian Turton ;
>> Rahkonen Jukka ; Simone
>> Giannecchini ; Nuno Oliveira <
>> nuno.olive.
uno Oliveira <
> nuno.olive...@geosolutionsgroup.com>
> *Aihe:* Re: [Geoserver-devel] Proposal [GSIP 220] - Revised Security
> Policy and CVE handling
>
>
>
> +1
>
>
>
> Cheers
>
> Andrea
>
>
>
> On Sat, Sep 30, 2023 at 12:04 AM Jody Gar
220] - Revised Security Policy and
CVE handling
+1
Cheers
Andrea
On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett
mailto:jody.garn...@gmail.com>> wrote:
Reminder to vote on this topic, I understand security is a difficult topic to
discuss in public anyone is welcome to reach out to me di
+1
Cheers
Andrea
On Sat, Sep 30, 2023 at 12:04 AM Jody Garnett
wrote:
> Reminder to vote on this topic, I understand security is a difficult topic
> to discuss in public anyone is welcome to reach out to me directly for
> questions/clarifications. The proposal has been clarified and refined
Reminder to vote on this topic, I understand security is a difficult topic
to discuss in public anyone is welcome to reach out to me directly for
questions/clarifications. The proposal has been clarified and refined from
the questions and response provided thus far.
Project Steering Committee:
While not eligible to vote I'd like to give my thumbs-up for this proposal.
I think it is a step forward in taking more control of vulnerability
reports. There will unfortunately always be people not following
best/responsible practices because they are not interested in fixing the
problem
+1
On 2023-09-12 14:36, Jody Garnett wrote:
Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
Overview is using the GitHub "private vulnerability reporting" to
assign CVE numbers we control to our known security issues.
--
Jody Garnett
It has been 10 days, I would like to request an extension on this proposal
as I believe it is good response for the project.
Jody
On Fri, Sep 15, 2023 at 11:54 AM Torben Barsballe
wrote:
> +1
>
> The Feedback section read as a little confusing (probably because the tone
> of the document
That's a lot easier to follow, thanks.
Cheers,
Torben
On Wed, Sep 20, 2023 at 3:45 AM Jody Garnett wrote:
> Thanks, the GSIP has been revised with "volunteer", "researcher",
> "National CVE Numbering Authority" and the exchanges separated for clarity.
> --
> Jody Garnett
>
>
> On Sep 15, 2023
Thanks, the GSIP has been revised with "volunteer", "researcher",
"National CVE Numbering Authority" and the exchanges separated for clarity.
--
Jody Garnett
On Sep 15, 2023 at 11:54:19 AM, Torben Barsballe
wrote:
> +1
>
> The Feedback section read as a little confusing (probably because the
+1
The Feedback section read as a little confusing (probably because the tone
of the document switched from descriptive to conversational). A short blurb
providing some context at the start, or some indication of personas
throughout ( i.e. quoted sections being identified as security researchers,
Proposal is here: https://github.com/geoserver/geoserver/wiki/GSIP-220
Overview is using the GitHub "private vulnerability reporting" to assign
CVE numbers we control to our known security issues.
--
Jody Garnett
___
Geoserver-devel mailing list
14 matches
Mail list logo