Mark Cox wrote on 2019-06-25 13:06:48: > On Sat, May 4, 2019 at 2:51 PM Sharan Foga <sha...@apache.org> wrote: > > > ... > > Not sure if this has come up already but another idea for ApacheCon > > talks that came up in a brainstorming session (thanks Myrle :-) a > > few weeks ago was around security vulnerabilities and how to handle > > them > > > > For example: > > - An intro to the ASF Security team, who they are, what it does and > > how it works > > - An overview of the process for managing Security vulnerabilities, > > - What are the project Do’S and Dont’s when it comes to handling > > security vulnerabilities? > > - Any real life stories from the trenches – how it was resolved > > > > This is something really important for all our projects to know and > > understand (which is why I’m mentioning it here under Community). > > > > So if you are interested in talking about this topic then please > > submit something for the CFPs for Las Vegas and Berlin. > > > > Just catching up with dev@ mail and wish had seen this sooner. I'll > be out at Vegas and want to do something like this -- we could do it > as a BoF session now. Things we get ask include the above and > specifically "How does CVE allocation work", "How do we deal with > issues that cross multiple projects", "How to deal with stuff that's > private when we need to commit public before release" and so on.
I'm also catching up on dev@ email and unfortunately didn't see Sharon's email until now... Sounds like a great idea for a talk. Mark, if you are doing a BoF about this in Vegas I'd be happy to get involved. Best regards Lars -- Lars Eilebrecht l...@eilebrecht.net --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@community.apache.org For additional commands, e-mail: dev-h...@community.apache.org
