tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: svn commit: r685838 - in /tomcat/site/trunk: docs/security.html xdocs/security.xml
Date Thu, 14 Aug 2008 17:45:16 GMT
I love the way you phrased this, httpd should steal this for our site :)

Bill

markt@apache.org wrote:
> Author: markt
> Date: Thu Aug 14 03:07:25 2008
> New Revision: 685838
> 
> URL: http://svn.apache.org/viewvc?rev=685838&view=rev
> Log:
> Make purpose of security mailing list even clearer. Could now just provide a link to
this page in response to non-issue mails to the security address.
> 
> Modified:
>     tomcat/site/trunk/docs/security.html
>     tomcat/site/trunk/xdocs/security.xml
> 
> Modified: tomcat/site/trunk/docs/security.html
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=685838&r1=685837&r2=685838&view=diff
> ==============================================================================
> --- tomcat/site/trunk/docs/security.html (original)
> +++ tomcat/site/trunk/docs/security.html Thu Aug 14 03:07:25 2008
> @@ -262,17 +262,36 @@
>      <p>The Apache Software Foundation takes a very active stance in eliminating
>         security problems and denial of service attacks against Apache Tomcat.
>         </p>
> +
>      <p>We strongly encourage folks to report such problems to our private
>         security mailing list first, before disclosing them in a public forum.</p>
>  
>      <p>
> -<strong>We cannot accept regular bug reports or other queries at this
> -       address, we ask that you use our <a href="bugreport.html">bug reporting
> -       page</a> for those. All mail sent to this address that does not relate
to
> -       security problems in the Apache Tomcat source code will be ignored.
> -       </strong>
> +<strong>Please note that the security mailing list should only be used
> +       for reporting undisclosed security vulnerabilities in Apache Tomcat and
> +       managing the process of fixing such vulnerabilities. We cannot accept
> +       regular bug reports or other queries at this address. All mail sent to
> +       this address that does not relate to an undisclosed security problem in
> +       the Apache Tomcat source code will be ignored.</strong>
>  </p>
> -    <p>The mailing address is: <a href="mailto:security@tomcat.apache.org">
> +
> +    <p>If you need to report a bug that isn't an undisclosed security
> +       vulnerability, please use the <a href="bugreport.html">bug reporting
> +       page</a>.</p>
> +       
> +    <p>Questions about:</p>
> +    <ul>
> +      <li>how to configure Tomcat securely</li>
> +      <li>if a vulnerability applies to your particular application</li>
> +      <li>obtaining further information on a published vulnerability</li>
> +      <li>availability of patches and/or new releases</li>
> +    </ul>
> +    <p>should be address to the users mailing list. Please see the
> +       <a href="lists.html">mailing lists</a> page for details of how to
> +       subscribe.</p>
> +    
> +    <p>The private security mailing address is:
> +       <a href="mailto:security@tomcat.apache.org">
>         security@tomcat.apache.org</a>
>  </p>
>  
> 
> Modified: tomcat/site/trunk/xdocs/security.xml
> URL: http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=685838&r1=685837&r2=685838&view=diff
> ==============================================================================
> --- tomcat/site/trunk/xdocs/security.xml (original)
> +++ tomcat/site/trunk/xdocs/security.xml Thu Aug 14 03:07:25 2008
> @@ -48,15 +48,34 @@
>      <p>The Apache Software Foundation takes a very active stance in eliminating
>         security problems and denial of service attacks against Apache Tomcat.
>         </p>
> +
>      <p>We strongly encourage folks to report such problems to our private
>         security mailing list first, before disclosing them in a public forum.</p>
>  
> -    <p><strong>We cannot accept regular bug reports or other queries at
this
> -       address, we ask that you use our <a href="bugreport.html">bug reporting
> -       page</a> for those. All mail sent to this address that does not relate
to
> -       security problems in the Apache Tomcat source code will be ignored.
> -       </strong></p>
> -    <p>The mailing address is: <a href="mailto:security@tomcat.apache.org">
> +    <p><strong>Please note that the security mailing list should only be
used
> +       for reporting undisclosed security vulnerabilities in Apache Tomcat and
> +       managing the process of fixing such vulnerabilities. We cannot accept
> +       regular bug reports or other queries at this address. All mail sent to
> +       this address that does not relate to an undisclosed security problem in
> +       the Apache Tomcat source code will be ignored.</strong></p>
> +
> +    <p>If you need to report a bug that isn't an undisclosed security
> +       vulnerability, please use the <a href="bugreport.html">bug reporting
> +       page</a>.</p>
> +       
> +    <p>Questions about:</p>
> +    <ul>
> +      <li>how to configure Tomcat securely</li>
> +      <li>if a vulnerability applies to your particular application</li>
> +      <li>obtaining further information on a published vulnerability</li>
> +      <li>availability of patches and/or new releases</li>
> +    </ul>
> +    <p>should be address to the users mailing list. Please see the
> +       <a href="lists.html">mailing lists</a> page for details of how to
> +       subscribe.</p>
> +    
> +    <p>The private security mailing address is:
> +       <a href="mailto:security@tomcat.apache.org">
>         security@tomcat.apache.org</a></p>
>  
>      <p>Note that all networked servers are subject to denial of service attacks,
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: dev-help@tomcat.apache.org
> 
> 
> 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message