geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Donald Woods <>
Subject Re: Create a security committee?
Date Wed, 07 Dec 2005 17:28:29 GMT
I would also like to help in this endeavor...


Kresten Krab Thorup (Trifork) wrote:
> I'd be happy to be part of this also.
> Kresten Krab Thorup
> On Nov 19, 2005, at 5:19 AM, Aaron Mulder wrote:
>> All,
>> I'd really like to have a group of interested and available people to
>> review security-related changes to Geronimo.  And by this I mean,
>> features dealing with SSL, security realms, storing files with
>> passwords, showing passwords in the console, establishing procedures
>> for "locking down the server", reviewing vulnerability reports, etc.
>> I don't really mean nitty gritty details of JACC or conducting a
>> comprehensive security audit of the entire codebase.
>> What would people think of that, and are there any volunteers?
>> I should also note that I expect some vulnerabilities to be reported
>> to the PMC rather than to the public list, but I think a lot can be
>> done outside the PMC as well (or maybe I should exclude reviewing
>> vulnerability reports from what I'm talking about, I don't know if
>> there's a policy there).
>> Thanks,
>>     Aaron

View raw message