commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Curdt <tcu...@vafer.org>
Subject Re: Eirik Bjørsnøs' notsoserial deserialization protection agent, for Commons?
Date Sat, 21 Nov 2015 13:04:04 GMT
>
> 1) Is notsoserial a "great solution" or a "useful solution" in mitigating
> the problem of promiscuous deserialization?
>

Useful? Certainly


2) Is it a "better" solution than IO-487?
>

Not sure - but does that really matter? It has a broader scope.


3) Is it in the interest of Commons and the community at large to accept a
> donation of this code and include it under its umbrella?
>

I bet we would be fine to accept it.

While this community is great, it does not mean you couldn't also build a
micro community around it on github.
I think it really depends if you are willing to take the extra step towards
the ASF.

cheers,
Torsten

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message