osdir.com

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Almost no one is subscribed to our security mailing list


Myrle,

I think the reason nobody has subscribed is it probably got buried in the
bottom of that other email thread on Nov 28. I think your email above helps
to clarify the list is now available, who can subscribe and that messages
can be sent to it by any individual.

We should update the Fineract website correct? I will update the Mifos
website as to the purpose of this additional list.

Ed



On Wed, Dec 5, 2018 at 3:48 AM Myrle Krantz <myrle@xxxxxxxxxx> wrote:

> Hello Zayyad,
>
> Thank you for the excellent question.
>
> The security list is a list that only committers and PMC members can
> view.  But anyone can send emails to it.  The security list can be used to
> report security vulnerabilities.  It can also be used to handle responses
> to those vulnerabilities.
>
> If you are wondering how security vulnerabilities are handled at Apache,
> this is an excellent guide:
> https://www.apache.org/security/committers.html
>
> When we started a security list it was to replace the use of the private
> list for planning security responses.  One potential advantage to this
> change is that committers can participate, whereas only PMC members can
> participate on private.
>
> By creating the security list, we offered all of our committers a
> promotion.  : o)
>
> Best Regards,
> Myrle
>
>
> On Wed, Dec 5, 2018 at 11:54 AM Zayyad A. Said <
> zayyad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
>> Dear Myrle,
>>
>> Was the list created to serve a special purpose other than what the dev
>> list serves?
>>
>> It's critical to understand the purpose of the list before one subscribes
>> to it.
>>
>> Kindly enlighten us.
>>
>> Regards,
>>
>> Zayyad A. Said
>> On Wed, Dec 5, 2018, 13:16 Myrle Krantz <myrle@xxxxxxxxxx> wrote:
>>
>>> Current subscribees are:
>>>
>>> * me
>>> * Ed
>>> * Vishwas
>>>
>>> Thank you Ed and Vishwas for sharing responsibility for this critical
>>> aspect of our project.
>>>
>>> Potential subscribees are anyone who has a committership or is on the PMC
>>> of Fineract.
>>>
>>> If you wish to subscribe please write an email to
>>> security-subscribe@xxxxxxxxxxxxxxxxxxx.  If you have any difficulties,
>>> please write an email to dev@xxxxxxxxxxxxxxxxxxx to let us know.
>>>
>>> Unless people start subscribing, I will ask INFRA to remove the mailing
>>> list.  With so few people subscribed, the security mailing list cannot
>>> serve its purpose, and will be more of a problem than a solution.
>>>
>>> Best Regards,
>>> Myrle
>>>
>>

-- 
*Ed Cable*
President/CEO, Mifos Initiative
edcable@xxxxxxxxx | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos>  <http://www.twitter.com/mifos>