Re: [xwiki-devs] [Proposal] A private security mailing list

On May 26, 2010, at 1:02 PM, Alex Busenius wrote: > Hello devs, > > > I propose to introduce a security mailing list (security(a)xwiki.org) to > discuss details of security issues. > > This list should be private, with only committers and trusted > contributors having read and write access. Anyone who proved his good > intentions on the dev-list and bug tracker should be able to get access > to security-list through the usual vote procedure. > > The purpose of this list is to give a safe place to discuss details open > security issues without giving all script kiddies in the world examples > to write exploits. The discussions should be kept on this private list > until the corresponding fix is released. > > WDYT?

+1 with the following additions: - Allow people to post the security mailing list to report security issues

- Some explanation on the Mailing List page on xwiki.org to explain what the security mailing list is (see for ex http://tomcat.apache.org/security.html). We need to ensure that people who want to report security issues send them to the private security mailing list Thanks -Vincent _______________________________________________ devs mailing list devs(a)xwiki.org http://lists.xwiki.org/mailman/listinfo/devs