tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <wbar...@wilshire.com>
Subject Re: reporting security problems
Date Sun, 08 Sep 2002 03:05:26 GMT
While some people use tomcat-dev (or even bugzilla), security@apache.org is
the preferred address.  There are Tomcat developers on that list, and
posting there allows the patch to get posted (usually a few hours) before
all of the black-hats know about it.

Personally, I'd prefer that you post to security@apache.org, since Apache is
strongly committed to closing security holds.  However, I'd understand if
you choose to post to tomcat-dev as well.

----- Original Message -----
From: "Christopher Todd" <chris@christophertodd.com>
To: <tomcat-dev@jakarta.apache.org>
Sent: Saturday, September 07, 2002 4:43 PM
Subject: reporting security problems


> According to the Jakarta website, security problems for Jakarta projects
> should be reported to security@apache.org.
>
> A colleague of mine and I are researching a potential security issue in
> Tomcat, and I wanted to confirm that we should use security@apache.org to
> report the issue, once our research is complete.  Is there a different
> address that is preferred for reporting and/or discussing Tomcat security
> issues?
>
> Chris
>
>
> --
> To unsubscribe, e-mail:
<mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
> For additional commands, e-mail:
<mailto:tomcat-dev-help@jakarta.apache.org>
>


--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message