Would security@f.a.o work as any other private ML?

Contrary to what Becket said in the discussion thread, secur...@apache.org is not just "another hop"; it provides guiding material, the security team checks for activity and can be pinged easily as they are cc'd in the initial report.

I vastly prefer this over a separate mailing list; if these benefits don't apply to security@f.a.o I'm -1 on this.

On 02/12/2019 02:28, Becket Qin wrote:
Thanks for driving this, Dian.

+1 from me, for the reasons I mentioned in the discussion thread.

On Tue, Nov 26, 2019 at 12:08 PM Dian Fu <dian0511...@gmail.com> wrote:

NOTE: Only PMC votes are binding.

Thanks for sharing your thoughts. I also think that this doesn't fall into
any of the existing categories listed in the bylaws. Maybe we could do some
improvements for the bylaws.

This is not a codebase change as Robert mentioned and it's related to how to
manage Flink's development in a good way. So, I agree with Robert and
Jincheng that this VOTE should only count PMC votes for now.

Thanks,
Dian

On Nov 26, 2019, at 11:43 AM, jincheng sun <sunjincheng...@gmail.com> wrote:

I also think that we should only count PMC votes.

This ML is to improve the security mechanism for Flink. Of course we don't
expect to use this ML often. I hope that it's perfect if this ML is never
used. However, the Flink community is growing rapidly, it's better to make
our security mechanism as convenient as possible. But I agree that this ML
is not a must to have, it's nice to have.

So, I give the vote as +1(binding).

Best,
Jincheng

On Mon, Nov 25, 2019 at 9:45 PM, Robert Metzger <rmetz...@apache.org> wrote:

I agree that we are only counting PMC votes (because this decision goes
beyond the codebase)

I'm undecided what to vote :) I'm not against setting up a new mailing
list, but I also don't think the benefit (having a private list with PMC +
committers) is enough to justify the work involved. As far as I remember,
we have received 2 security issue notices, both basically about the same
issue. I'll leave it to other PMC members to support this if they want to
...


On Mon, Nov 25, 2019 at 9:15 AM Dawid Wysakowicz <dwysakow...@apache.org> wrote:

Hi all,

What is the voting scheme for it? I am not sure if it falls into any of
the categories we have listed in our bylaws. Are committers' votes
binding or just PMCs'? (Personally I think it should be PMCs') Is this a
binding vote or just an informational vote?

Best,

Dawid

On 25/11/2019 07:34, jincheng sun wrote:
+1

On Thu, Nov 21, 2019 at 4:11 PM, Dian Fu <dian0511...@gmail.com> wrote:

Hi all,

According to our previous discussion in [1], I'd like to bring up a vote
to set up a secur...@flink.apache.org mailing list.

The vote will be open for at least 72 hours (excluding weekend). I'll try
to close it by 2019-11-26 18:00 UTC, unless there is an objection or not
enough votes.

Regards,
Dian

[1] http://apache-flink-mailing-list-archive.1008284.n3.nabble.com/DISCUSS-Expose-or-setup-a-security-flink-apache-org-mailing-list-for-security-report-and-discussion-tt34950.html#a34951


