couchdb-dev mailing list archives

From Joan Touzet <woh...@apache.org>
Subject Re: [DISCUSS] Apache CouchDB Developer Code of Conduct
Date Wed, 30 Apr 2014 05:24:13 GMT
And the good news is that we have a mechanism for that already! :)

http://docs.couchdb.org/en/latest/cve/index.html

We encourage people to bring security issues to us via this framework.
All issues raised are addressed promptly and disclosed as soon as feasible.

-Joan

----- Original Message -----
From: "Bruno Rohée" <bruno@rohee.org>
To: dev@couchdb.apache.org
Sent: Tuesday, April 29, 2014 7:42:29 PM
Subject: Re: [DISCUSS] Apache CouchDB Developer Code of Conduct

Joan Touzet wrote:

> We will keep our entire bug report database open for public view at all
> times. Reports that people file online will promptly become visible to
> others.

My two cents: there are good, practical reasons to keep some bugs
confidential before a fix/workaround is available. Namely security bugs.
It's definitely bad when bugs are kept hidden for months or even years, but
surely there is some middle ground to be found. This is especially
important as it's reasonable to have an Internet facing CouchDB, unlike
many other DBs...


On Mon, Apr 28, 2014 at 9:48 PM, Joan Touzet <joant@atypical.net> wrote:

> Benoit said:
> > This one looks really good. What's your plan about the social contract?
> > Take something adapted?
>
> In the context of this CoC it only refers to:
>
>   "We will not hide problems
>
>   We will keep our entire bug report database open for public
>   view at all times. Reports that people file online will
>   promptly become visible to others."
>
> so we can probably make this explicit, then point to the ASF Bylaws[1]
> and ASF "How it works"[2] for the rest.
>
> -Joan
>
> [1] https://www.apache.org/foundation/bylaws.html
> [2] https://www.apache.org/foundation/how-it-works.html
>
