+1 for having ooo-secur...@incubator.apache.org, because
- old OOo mailing lists will probably die some day
- other people are now participating in Apache OOo, who don't work
on OOo/LO
- (Old) OOo doesn't release security updates anymore, I guess.
I am still on vacation until 06/25. That the
On 07.07.2011 02:21, Greg Stein wrote:
I don't believe that we need our own security address since I doubt
we'll have that many *incoming* issues. Those reports can go to
secur...@apache.org, and that team will forward them to the PPMC.
Many is a quantity that is hard to compare with ;-). From
[I am reminded that the best way to talk to the PPMC is on ooo-dev and there is
benefit in so doing. Here goes.]
PROPOSAL
ooo-security@incubator.a.o be set up as a private list and a selection of not
more than 10 security-aware PPMC members be subscribed to it. We need to work
out what the
On Wed, Jul 6, 2011 at 3:02 PM, Dennis E. Hamilton orc...@apache.org wrote:
[I am reminded that the best way to talk to the PPMC is on ooo-dev and there
is benefit in so doing. Here goes.]
PROPOSAL
ooo-security@incubator.a.o be set up as a private list and a selection of not
more than 10
...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir
Sent: Wednesday, July 06, 2011 14:40
To: ooo-dev@incubator.apache.org
Subject: Re: [DISCUSS] Creation of ooo-security List
On Wed, Jul 6, 2011 at 3:02 PM, Dennis E. Hamilton orc...@apache.org wrote:
[I am reminded that the best way
Dennis E. Hamilton wrote on Wed, Jul 06, 2011 at 15:35:46 -0700:
To make this conversation concrete: I have security issues I want to
raise, which is what had me looking into this in the first place.
Then please report them to security@a.o and/or ooo-private@.
Dennis E. Hamilton wrote on Wed, Jul 06, 2011 at 12:02:31 -0700:
I've learned that the Apache approach is for each PMC taking the lead
in handling security matters related to its releases. To maintain the
security of security matters, the practice is to have a private list
(for us,
In some ways, the larger the security group, the quicker the solution rate.
Security patched will need to be checked before they are committed, so the
issue fixed doesn't break 3 other parts of the code.
On Wed, Jul 6, 2011 at 6:54 PM, Daniel Shahaf d...@daniel.shahaf.namewrote:
Dennis E.
...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir
Sent: Wednesday, July 06, 2011 14:40
To: ooo-dev@incubator.apache.org
Subject: Re: [DISCUSS] Creation of ooo-security List
On Wed, Jul 6, 2011 at 3:02 PM, Dennis E. Hamilton orc...@apache.org wrote:
[I am reminded that the best
Of Rob Weir
Sent: Wednesday, July 06, 2011 16:10
To: ooo-dev@incubator.apache.org; dennis.hamil...@acm.org
Subject: Re: [DISCUSS] Creation of ooo-security List
On Wed, Jul 6, 2011 at 6:35 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
Well, vulnerabilities are vulnerabilities
@project lists?
- Dennis
-Original Message-
From: Daniel Shahaf [mailto:d...@daniel.shahaf.name]
Sent: Wednesday, July 06, 2011 15:54
To: OOo-dev Apache Incubator
Subject: Re: [DISCUSS] Creation of ooo-security List
Dennis E. Hamilton wrote on Wed, Jul 06, 2011 at 12:02:31 -0700:
I've
On Wed, Jul 6, 2011 at 18:35, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
Well, vulnerabilities are vulnerabilities and if there is an exposure in
current code or in documents produced in current code, isn't that a concern
for us now? Why would it not be?
Also, I don't presume that
12 matches
Mail list logo