incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: [DISCUSS] Creation of ooo-security List
Date Wed, 06 Jul 2011 23:50:02 GMT
I'm assuming the goal is to keep the analysis and discussion of alleged vulnerabilities to
a relatively small need-to-know group.  

I don't know that 10 is a hard number, I heard it as a suggestion when I asked around about
how this works at Apache.  Do you know typical sizes for security@project lists?

 - Dennis

-----Original Message-----
From: Daniel Shahaf [mailto:d.s@daniel.shahaf.name] 
Sent: Wednesday, July 06, 2011 15:54
To: OOo-dev Apache Incubator
Subject: Re: [DISCUSS] Creation of ooo-security List

Dennis E. Hamilton wrote on Wed, Jul 06, 2011 at 12:02:31 -0700:
> I've learned that the Apache approach is for each PMC taking the lead
> in handling security matters related to its releases.  To maintain the
> security of security matters, the practice is to have a private list
> (for us, ooo-security) with not more than ten security-aware
> subscribers.

I've never heard of a magic number cap to the # of subscribers of
a mailing list.


Mime
View raw message