26 May
2010
26 May
'10
2:58 p.m.
big +1 for both
Denis
On Wed, May 26, 2010 at 14:37, Thomas Mortagne <thomas.mortagne(a)xwiki.com>wrote;wrote:
On Wed, May 26, 2010 at 13:34, Vincent Massol
<vincent(a)massol.net> wrote:
--
Denis Gervalle
SOFTEC sa - CEO
eGuilde sarl - CTO
On May 26, 2010, at 1:02 PM, Alex Busenius wrote:
> Hello devs,
>
>
> I propose to introduce a security mailing list (security(a)xwiki.org) to
> discuss details of security issues.
>
> This list should be private, with only committers and trusted
> contributors having read and write access. Anyone who proved his good
> intentions on the dev-list and bug tracker should be able to get access
> to security-list through the usual vote procedure.
>
> The purpose of this list is to give a safe place to discuss details open
> security issues without giving all script kiddies in the world examples
> to write exploits. The discussions should be kept on this private list
> until the corresponding fix is released.
>
> WDYT?
+1
+1 with the following additions:
- Allow people to post the security mailing list to report security
issues
+1
- Some explanation on the Mailing List page on
xwiki.org to explain what
the security mailing list is (see for ex
http://tomcat.apache.org/security.html). We need to ensure that people who
want to report security issues send them to the private security mailing
list
Thanks
-Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs
--
Thomas Mortagne
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs