tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Costin Manolache <>
Subject Re: [VOTE] minimal JSR 154 only distribution
Date Tue, 10 Dec 2002 00:14:07 GMT
Pier Fumagalli wrote:

> They come up every now and then... That's why Costin wanted that
> all-private for your eyes only noone who is not cross checked with the FBI
> gets in security mailing list, right?...

Wrong. The list is for all tomcat committers - and all security information
will be posted after the fix is done. 

The list is created - and will hopefully be used next time a security 
problem is found.

> Ehemm... With 24 pages of vulnerability notes? Ha.. Hahaha.... Hahahaha!
> :-)

Again ?

There are 24 results - not 24 pages of results. And if you go down the page 
- many are not in tomcat.

Try the same thing for apache.

Yes - any code may have vulnerabilities, and the more code you have, the
more bugs you'll have. We can only do our best so that our code has 
fewer bugs - but that shouldn't stop us from distributing the code we 
write ( i.e. tomcat and jasper ). 


To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message