commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Torsten Curdt <>
Subject Re: Eirik Bjørsnøs' notsoserial deserialization protection agent, for Commons?
Date Sat, 21 Nov 2015 13:04:04 GMT
> 1) Is notsoserial a "great solution" or a "useful solution" in mitigating
> the problem of promiscuous deserialization?

Useful? Certainly

2) Is it a "better" solution than IO-487?

Not sure - but does that really matter? It has a broader scope.

3) Is it in the interest of Commons and the community at large to accept a
> donation of this code and include it under its umbrella?

I bet we would be fine to accept it.

While this community is great, it does not mean you couldn't also build a
micro community around it on github.
I think it really depends if you are willing to take the extra step towards
the ASF.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message