> -----Original Message----- > From: Marcus [mailto:[email protected]] > Sent: Tuesday, December 22, 2020 12:37 PM > To: [email protected] > Subject: Re: Security vulnerabilities in AOO?
> > To do this, I need to acquire factual knowledge, and also > understand which criticism is based on facts and which is > (possibly) just based on anti-AOO marketing. > > I don't understand why you try to answer these things. It's > absolutely > OK when you go the easy way and just point them to the > security@ mailing > list. 1. Especially because I'm paid professionally as an IT consultant to answer questions like this for my customers. Do you think customers who hear from others that AOO is supposedly insecure because it doesn't fix security problems quickly, would be pleased if I referred them to security@? 2. What is the point of recommending that third parties refer to security@ when it says on https://www.apache.org/security/committers.html: "They are _not intended to be used as a third-party notification system_ and non-committers should not be subscribed to the lists." greetings, Jörg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
