geronimo-dev mailing list archives

From Kevan Miller
Subject Re: Create a security committee?
Date Sun, 20 Nov 2005 02:11:30 GMT

I'd be happy to help out. Limiting distribution of vulnerabilities to the
PMC would pose a problem for me, however. I'm also unsure that limiting
distribution of vulnerabilities is a good idea at this point: 1) the
exposure is low and 2) better to keep all involved/aware rather than a
limited few...

On 11/18/05, Aaron Mulder wrote:
> All,
> I'd really like to have a group of interested and available people to
> review security-related changes to Geronimo. And by this I mean,
> features dealing with SSL, security realms, storing files with
> passwords, showing passwords in the console, establishing procedures
> for "locking down the server", reviewing vulnerability reports, etc.
> I don't really mean nitty gritty details of JACC or conducting a
> comprehensive security audit of the entire codebase.
> What would people think of that, and are there any volunteers?
> I should also note that I expect some vulnerabilities to be reported
> to the PMC rather than to the public list, but I think a lot can be
> done outside the PMC as well (or maybe I should exclude reviewing
> vulnerability reports from what I'm talking about, I don't know if
> there's a policy there).
> Thanks,
> Aaron
