What if we digest the audience and list the scope (different projects which are impacted/offering mitigations) in a more conversational tone, mention the httpoxy URL and just point the reader to https://www.apache.org/security/asf-httpoxy-response.txt for all the detailed workarounds we've offered?
FWIW I've requested a Security Team blog topic and listed some key team members including MarkT, MJC and Dirk as initial admins, but that may take a bit more time to provision. On Jul 19, 2016 7:36 AM, "Rich Bowen" <rbo...@rcbowen.com> wrote: > Ok, well, let me know what you want posted, and I'll be glad to > facilitate. I presume we want this done soon or not at all, so I'll be > ready whenever you let me know. > > On Jul 19, 2016 04:06, "Bertrand Delacretaz" <bdelacre...@apache.org> > wrote: > > > On Mon, Jul 18, 2016 at 4:14 PM, William A Rowe Jr <wr...@rowe-clan.net> > > wrote: > > > ...Does it make sense to blog this, or at least R/T from @TheASF? ... > > > > I'd say tweet and maybe also write a foundation blog post to announce > > that advisory, but do not duplicate the advisory content on the blog > > (assuming the URL that you mention is meant to be permanent). > > > > -Bertrand > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@community.apache.org > > For additional commands, e-mail: dev-h...@community.apache.org > > > > >
