Sam Ruby wrote on 2019-8-21 8:29AM EDT: > On Wed, Aug 21, 2019 at 6:55 AM Mark J. Cox <m...@apache.org> wrote: ...snip... > Perhaps we can discuss the right long term solution, then work > backwards from there? > > One possibility is for the security team to request a VM (perhaps > security.apache.org or perhaps cve.apache.org?). I believe that it > could be spun up within an hour.
As a demo tool - to ensure it's ready for showing people what it would do - Whimsy would be fine. But I'd be uncomfortable hosting a live security tool (i.e. one that is handling pre-disclosure security data) on Whimsy in the current environment, especially since it uses different technologies than most applications. -- - Shane Whimsy PMC The Apache Software Foundation
