httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Champion <>
Subject Re: Change from ad-hoc/historical security process to ASF process?
Date Fri, 05 May 2017 18:59:45 GMT
On 05/05/2017 05:39 AM, Eric Covener wrote:
> Here is the change that probably has the biggest impact to the community:
> """
> ...
> The project team commits the fix. No reference should be made to the
> commit being related to a security vulnerability.

This is the only part that makes me nervous, since I worry it'll 
encourage obscure commits, but otherwise...

> To me, this is just a way to get us out of ambiguity/stalemate about
> the overall process and follow security@a.o's best practices.
> Thoughts?

...I'm +1 to adopting the standard process in its entirety. We can 
always modify pieces later if they end up not working for us.


View raw message