lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Grant Ingersoll <>
Subject Re: access policy for Java Open Review Project
Date Tue, 19 Dec 2006 19:54:47 GMT

On Dec 19, 2006, at 12:16 AM, Brian Chess wrote:

> My question is, would you like to allow outsiders to go through  
> results and
> help sort the real bugs from the chaff?  The upside is that  
> volunteers may
> perform useful work and that it may be another avenue to get people  
> involved
> with the code.  The down side is that things like XSS in admin  
> pages may
> lead them to make more ruckus than is really appropriate.

Are there any security concerns (I think your original intro said you  
don't generally share w/ the public) of having others involved?  That  
is, could we be publishing information that could make a Lucene  
application vulnerable or is really just a "ruckus" issue?  Part of  
me thinks that b/c the code is freely available, people could find  
the security issues anyway, so we aren't really protecting ourselves  
anyway by denying access.

Thanks, btw, for the account and for setting this up.

Grant Ingersoll
Center for Natural Language Processing

Read the Lucene Java FAQ at 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message