Ok, please, do not spam this list with all the notes of interest! :-D So far I have heard back from just one developer who would be interested.
Looks like I may have somewhat overestimated community interest in security aspects of data processing. Still -- my mailbox is always open. So if you happen to find this message or original via googling, and think it'd be useful to have a new forum, speak up. I have plenty of other things to work on. -+ Tatu +- On Fri, Apr 6, 2018 at 3:23 PM, Tatu Saloranta <t...@fasterxml.com> wrote: > Related to recent discussion about various CVEs filed against Jackson > (and fixed, released), I think there is need for specific forum for > discussing security issues related to Jackson. > Since existing mailing groups are fully archived and open to anyone > (although I do have moderation rights to prevent outright spamming), > and since these discussions can be quite specific, it seems like there > is need for separate group or list or something. > > At the same time, I don't want to: > > 1. Further fragment discussions, or > 2. Have yet another place where I post majority of responses and comments > > So I thought I should gauge if there is actual interest in having a > discussion forum that would be dedicated for things like > > - Asking questions about potential security problems, handling of > security-sensitive aspects > - Initial reports, suggestions of possible issues, without publishing > potentially sensitive information > - Coordination of work like fixes (how, who, when), as well as > publishing of artifacts and information, and perhaps on how to file, > update CVE information > > Now: although you are free to respond here, I think most useful for me > would be off-the-list emails to `tatu` (or `info`) at fasterxml dot > com, indicating your interest and ideally also project(s) you are > involved in (or company you work for), relevant for Jackson security > work. This mostly because I would be interested in knowing which > frameworks / companies see this as an important area of work, and to > see how wide coverage we might get (I have some numbers to suggest how > Jackson is used, via platforms). > > I am also open to suggestions for different kinds of forums, with just > one limitation: I am looking for asynchronous communication, not an > interactive chat room (or similar), for this particular purpose. > > -+ Tatu +- -- You received this message because you are subscribed to the Google Groups "jackson-user" group. To unsubscribe from this group and stop receiving emails from it, send an email to jackson-user+unsubscr...@googlegroups.com. To post to this group, send email to jackson-user@googlegroups.com. For more options, visit https://groups.google.com/d/optout.