tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Thomas <ma...@apache.org>
Subject Re: Mail address in security-NN.html pages
Date Thu, 13 Oct 2011 08:40:28 GMT
On 13/10/2011 09:03, jean-frederic clere wrote:
> On 10/13/2011 07:26 AM, Konstantin Kolinko wrote:
>> Hi!
>>
>> Re-reading the security pages I have several notes
>>
>> http://tomcat.apache.org/security-6.html
>> http://tomcat.apache.org/security-7.html
>>
>> 1) security-6.html and others have the following text:
>>
>> "Please send comments or corrections for these vulnerabilities to the
>> Tomcat Security Team."
>>
>> with a link to security@ address in it.
>>
>> I think it is wrong. General comments and questions should be sent to
>> dev@ or users@. Only exploits are for security@.
>>
>> I am not yet sure how to better write it. Maybe with a link to
>> security.html or lists.html
> 
> I think the idea was to avoid a security comment like "in fact the fix
> is wrong" going to a public list.

Yep. Changing the text to "corrections to security@, questions to
users@" could be the way to go.

>> 2) I would like to mention that we do not provide binary patches.
>>
>> I think direct links to the following pages will help some people:
>>
>> http://tomcat.apache.org/tomcat-7.0-doc/building.html
>> http://tomcat.apache.org/tomcat-7.0-doc/BUILDING.txt
>>
>> The links will be different for different Tomcat versions.
> 
> +1 that should prevent people ask for a binary just after a fix.

huge +1. I am getting really fed up of the requests for 6.0.34.

>> 3) The above issues are already mentioned on the generic security page
>> (security.html), but on security-6.html page there is no direct link
>> back to security.html unless you pay attention to the site menu on the
>> left side.
> 
> Go fix it :D

+1.

Mark

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message