tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <cmanola...@yahoo.com>
Subject Re: [VOTE] tomcat-commiters list
Date Mon, 14 Oct 2002 20:40:15 GMT
Chuck Murcko wrote:

> There's currently a call for project committers to be on the
> security@apache.org list. This list intends to be the clearinghouse for
> all ASF project related security issues, not just httpd.
> 
> Costin, Craig, et al.: the deal seems to be that each major project
> version have someone who's a committer subscribed as a project liason.
> So it might make sense if you both signed up, or if other committers
> wanted to step forward...I would leave that to you all to figure out.
> 
> Not to short-circuit a Tomcat committers list, because there may well be
> issues other than security to deal with, and it would make sense to have
> information flow between security@ and a proposed tomcat-committers@
> anyway (I'm thinking the detailed hashing of fixes would happen on the
> latter list).

Regarding security@apache.org - I think that all who play the role of 
release manager should be on the list ( i.e. Remy, Larry, Mladen, Henri).
It seems to be open for a limited number of 'liasons' ( I hope it
is more than one, as we have several major components ).

My preference is that any tomcat commiter who is interested to be able
to get this info and discuss ( and hopefully fix ) tomcat security
issues. I hope that whoever gets the security messages will fix them or 
forward them to tomcat-commiters - but that's of course his choice.

If the apache list is open to any commiter - I'll certainly subscribe
( and I hope most active tomcat commiters will do the same ! ),
but that doesn't remove the need for a private list for tomcat 
commiters.

Costin



--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message