Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 70C0F200B52 for ; Mon, 25 Jul 2016 09:22:59 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 6F704160A7D; Mon, 25 Jul 2016 07:22:59 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id BEAA2160A78 for ; Mon, 25 Jul 2016 09:22:58 +0200 (CEST) Received: (qmail 36293 invoked by uid 500); 25 Jul 2016 07:22:57 -0000 Mailing-List: contact dev-help@ofbiz.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ofbiz.apache.org Delivered-To: mailing list dev@ofbiz.apache.org Received: (qmail 36282 invoked by uid 99); 25 Jul 2016 07:22:57 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 25 Jul 2016 07:22:57 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 330A7181BC1 for ; Mon, 25 Jul 2016 07:22:57 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.652 X-Spam-Level: X-Spam-Status: No, score=0.652 tagged_above=-999 required=6.31 tests=[SPF_NEUTRAL=0.652] autolearn=disabled Received: from mx2-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id IFqYzOk3eEIe for ; Mon, 25 Jul 2016 07:22:55 +0000 (UTC) Received: from mx1.openfarm.fr (mx1.openfarm.fr [213.215.11.10]) by mx2-lw-us.apache.org (ASF Mail Server at mx2-lw-us.apache.org) with ESMTP id 783225F474 for ; Mon, 25 Jul 2016 07:22:55 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by mx1.openfarm.fr (Postfix) with ESMTP id 7EBA42154E for ; Mon, 25 Jul 2016 09:22:54 +0200 (CEST) X-Virus-Scanned: Debian amavisd-new at OPFHBG003.hosting.openfarm.fr Received: from mx1.openfarm.fr ([127.0.0.1]) by localhost (OPFHBG003.hosting.openfarm.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ogSgrupsI5Gd for ; Mon, 25 Jul 2016 09:22:54 +0200 (CEST) Received: from [192.168.0.29] (br137-5-78-234-239-30.fbx.proxad.net [78.234.239.30]) (Authenticated sender: nicolas.malin@nereide.fr) by mx1.openfarm.fr (Postfix) with ESMTPSA id D0FC921548 for ; Mon, 25 Jul 2016 09:22:53 +0200 (CEST) Subject: Re: [VOTE] Create the "security" mailing list for the OFBiz project To: dev@ofbiz.apache.org References: From: Nicolas Malin Organization: =?UTF-8?B?TsOpcsOpaWRl?= Message-ID: <25ae11b2-40c3-e691-4bcf-cb011ae793e5@nereide.fr> Date: Mon, 25 Jul 2016 09:22:51 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit archived-at: Mon, 25 Jul 2016 07:22:59 -0000 +1 Le 24/07/2016 à 14:32, Jacopo Cappellato a écrit : > Rationale: every ASF project needs a private list to discuss product > vulnerabilities; for OFBiz the "private" list has been used for this > purpose until now; however an ad-hoc list may be useful because it could > provide a more focused space to discuss the security issues and could > provide more flexibility to invite in the private list persons willing to > help that are trusted by the PMC. > > Please vote, > > +1 > > to create a "security" list (i.e. security@ofbiz.apache.org) and move all > the security related discussions and notifications currently happening on > the private list to this new list: according to the ASF policies [*] the > list will be a private list used by the persons willing to help to resolve > security issues; the list of subscribers will be approved by the OFBiz PMC. > > Otherwise vote -1 to continue to use the "private" mailing list for > vulnerability handling. > > [*] http://www.apache.org/security/ >