For what it's worth, I'm not disagreeing that there needs to be another list. Clearly, really serious security issues should at
least be delayed from being made public. However, I think there needs to be a bit more paranoia about how this list manifests itself.
Any "behind closed doors" discussions have the potential for alienating
the non-committer community. Determining what conversations are appropriate for this other list is a very slippery slope. It's already been proposed that votes for new committers be discussed there first. What's next? And if the other list starts being used for determining what should be discussed on the other list, it's all over. Sort of like the U.S. congress being in charge of their own pay raises.
As a commiter I voted +1 if the discussions on the list where ONLY about security and not features and others devel related subjects. It shouldn't be a 'behind closed doors' discussion area.
As a non-committer but long-time subscriber to this list, my opinion is that _all_ messages on "the other" list must absolutely show up here eventually, at some delay. Otherwise, there is no longer any transparency. (This is also the biggest reason it's better than CCed e-mails; because the messages will always be public at some point.)
Since the discussion will be about security, we could send a digest in the CVS fixes as soon as the thread has been closed and problems fixed. -- To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org> For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>
