For what it's worth, I'm not disagreeing that there needs to be
another list. Clearly, really serious security issues should at
least be delayed from being made public. However, I think there
needs to be a bit more paranoia about how this list manifests
itself.
Any "behind closed doors" discussions have the potential for alienating
the non-committer community. Determining what conversations are
appropriate for this other list is a very slippery slope. It's
already been proposed that votes for new committers be discussed there
first. What's next? And if the other list starts being used for
determining what should be discussed on the other list, it's all
over. Sort of like the U.S. congress being in charge of their own
pay raises.
As a commiter I voted +1 if the discussions on the list where ONLY about
security and not features and others devel related subjects.
It shouldn't be a 'behind closed doors' discussion area.
As a non-committer but long-time subscriber to this list, my opinion
is that _all_ messages on "the other" list must absolutely show up
here eventually, at some delay. Otherwise, there is no longer any
transparency. (This is also the biggest reason it's better than
CCed e-mails; because the messages will always be public at some
point.)
Since the discussion will be about security, we could send a digest
in the CVS fixes as soon as the thread has been closed and problems fixed.
--
To unsubscribe, e-mail: <mailto:tomcat-dev-unsubscribe@;jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@;jakarta.apache.org>