incubator-ooo-dev mailing list archives

From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: Population of ooo-security
Date Fri, 29 Jul 2011 07:49:22 GMT
Shane Curcuru wrote on Thu, Jul 28, 2011 at 22:34:53 -0400:
> Note that I would also recommend emailing security@ after you have a
> basic proposed plan to get advice, and to strongly consider
> following any advice you get.  They and some of the other major
> Apache projects, like Tomcat, Subversion, and httpd, should also be
> able to provide good guidance on ways to alert first responders
> (packagers, binary builders, whoever) in an appropriate manner
> before public disclosures.

For Subversion we maintain a pre-notification list that contains admin
contacts for some large installations and a script to email all of them
individually (i.e., the same email message N times, to avoid BCC).
(Members can see that at /pmc/subversion/security in the private repository.)
We email the fix when it's ready, so they can install it ahead of time.
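
The per-recipient mailing described in the message above, as an added example: this is not the Subversion project's script or code from the original message. The sender address, the contact entries and the function names are assumptions constructed for illustration.

```python
# Added example; not the Subversion project's script. Addresses are constructed.
from email.message import EmailMessage
from email.utils import formatdate, make_msgid, parseaddr

SENDER = "security@example.org"  # assumed sender address

# Constructed sample pre-notification list, one admin contact per line.
CONTACTS = """\
# admin contacts (constructed sample)
Alice Admin <alice@hosting.example>
bob@forge.example
ALICE@hosting.example
not-an-address
"""

def load_contacts(text):
    """Return unique addresses; skip comments, blanks and malformed lines."""
    seen, out = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        addr = parseaddr(line)[1]
        # Case-insensitive de-duplication so nobody is mailed twice.
        if "@" not in addr or addr.lower() in seen:
            continue
        seen.add(addr.lower())
        out.append(addr)
    return out

def build_messages(addrs, subject, body):
    """One complete message per contact: a single To:, never Cc or Bcc."""
    msgs = []
    for addr in addrs:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = SENDER, addr, subject
        msg["Date"] = formatdate()
        msg["Message-ID"] = make_msgid(domain="example.org")
        msg.set_content(body)
        msgs.append((addr, msg))
    return msgs

def send_all(msgs, smtp):
    """Send each message on its own; smtp is a connected smtplib.SMTP."""
    failed = []
    for addr, msg in msgs:
        try:
            smtp.send_message(msg, from_addr=SENDER, to_addrs=[addr])
        except Exception as exc:  # keep going so one bad contact stops nothing
            failed.append((addr, str(exc)))
    return failed
```

Failures returned by `send_all` can be retried one at a time without re-mailing the contacts that already received the message.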
