26 May
2010
26 May
'10
2:20 p.m.
+1
Jerome.
----- Original Message -----
From: "Vincent Massol" <vincent(a)massol.net>
To: "XWiki Developers" <devs(a)xwiki.org>
Sent: Wednesday, May 26, 2010 1:34:12 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome /
Stockholm / Vienna
Subject: Re: [xwiki-devs] [Proposal] A private security mailing list
On May 26, 2010, at 1:02 PM, Alex Busenius wrote:
Hello devs,
I propose to introduce a security mailing list (security(a)xwiki.org) to
discuss details of security issues.
This list should be private, with only committers and trusted
contributors having read and write access. Anyone who proved his good
intentions on the dev-list and bug tracker should be able to get access
to security-list through the usual vote procedure.
The purpose of this list is to give a safe place to discuss details open
security issues without giving all script kiddies in the world examples
to write exploits. The discussions should be kept on this private list
until the corresponding fix is released.
WDYT?
+1 with the following additions:
- Allow people to post the security mailing list to report security issues
- Some explanation on the Mailing List page on xwiki.org to explain what the security
mailing list is (see for ex http://tomcat.apache.org/security.html). We need to ensure
that people who want to report security issues send them to the private security mailing
list
Thanks
-Vincent
_______________________________________________
devs mailing list
devs(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/devs