31 May
2010
31 May
'10
5:05 p.m.
On May 31, 2010, at 5:02 PM, Alex Busenius wrote:
Hello,
The new mailing list security(a)xwiki.org was created. All core commiters
will be on this list.
This is *not* an announcement list, it is meant for technical
discussions about security issues. However, everyone can write to this
mailing list, e.g. to report security issues (mails will be reviewed by
the administrator first).
If somebody else is interested in contributing to discussions on that
list, he or she should write a mail on the dev-list asking for access.
If the commiters agree (meaning that nobody is -1 on it, similar to a
proposal) this person will get access.
We also need to define who can get access. IMO:
- persons who have submitted security issues in jira
- persons who've submitted security patches
- persons who have been contributing to xwiki for a long time
WDYT?
Thanks
-Vincent
Alex
On 05/26/2010 01:02 PM, Alex Busenius wrote:
> Hello devs,
>
>
> I propose to introduce a security mailing list (security(a)xwiki.org) to
> discuss details of security issues.
>
> This list should be private, with only committers and trusted
> contributors having read and write access. Anyone who proved his good
> intentions on the dev-list and bug tracker should be able to get access
> to security-list through the usual vote procedure.
>
> The purpose of this list is to give a safe place to discuss details open
> security issues without giving all script kiddies in the world examples
> to write exploits. The discussions should be kept on this private list
> until the corresponding fix is released.
>
> WDYT?
>
>
> Alex