Re: Almost no one is subscribed to our security mailing list


Thanks Myrle for that clarification.

With the restriction that it can be viewed only by PMC members and committers but
receives emails from all, it's important to maintain the list.

Probably most of us were not aware of it and that's why people had not
subscribed to it.

Regards,


On Wed, Dec 5, 2018, 14:48 Myrle Krantz <myrle@xxxxxxxxxx> wrote:

> Hello Zayyad,
>
> Thank you for the excellent question.
>
> The security list is a list that only committers and PMC members can view.
> But anyone can send emails to it.  The security list can be used to report
> security vulnerabilities.  It can also be used to handle responses to those
> vulnerabilities.
>
> If you are wondering how security vulnerabilities are handled at Apache,
> this is an excellent guide:
> https://www.apache.org/security/committers.html
>
> When we started a security list it was to replace the use of the private
> list for planning security responses.  One potential advantage to this
> change is that committers can participate, whereas only PMC members can
> participate on private.
>
> By creating the security list, we offered all of our committers a
> promotion.  : o)
>
> Best Regards,
> Myrle
>
>
> On Wed, Dec 5, 2018 at 11:54 AM Zayyad A. Said <
> zayyad@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
>
> > Dear Myrle,
> >
> > Was the list created to serve a special purpose other than what the dev
> > list serves?
> >
> > It's critical to understand the purpose of the list before one subscribes
> > to it.
> >
> > Kindly enlighten us.
> >
> > Regards,
> >
> > Zayyad A. Said
> > On Wed, Dec 5, 2018, 13:16 Myrle Krantz <myrle@xxxxxxxxxx> wrote:
> >
> >> Current subscribees are:
> >>
> >> * me
> >> * Ed
> >> * Vishwas
> >>
> >> Thank you Ed and Vishwas for sharing responsibility for this critical
> >> aspect of our project.
> >>
> >> Potential subscribees are anyone who has a committership or is on the PMC
> >> of Fineract.
> >>
> >> If you wish to subscribe please write an email to
> >> security-subscribe@xxxxxxxxxxxxxxxxxxx.  If you have any difficulties,
> >> please write an email to dev@xxxxxxxxxxxxxxxxxxx to let us know.
> >>
> >> Unless people start subscribing, I will ask INFRA to remove the mailing
> >> list.  With so few people subscribed, the security mailing list cannot
> >> serve its purpose, and will be more of a problem than a solution.
> >>
> >> Best Regards,
> >> Myrle
> >>
> >
>