On 4/12/2012 2:37 AM, Daniel Shahaf wrote:
> Dave Fisher wrote on Wed, Apr 11, 2012 at 23:48:05 -0700:
>> Sorry, I can't remain mute, but if I offended anyone, sorry, but this was
>> wrongly done. I don't know a better way....
> 
> What about expanding the membership of ooo-security@?  Currently it has
> less than 10 subscribers.
That's ideal for a start.  The security team needs to escalate actual releases
to the private@ pmc list, if not the dev@ list at some point.  Joining the
security@ list isn't the answer to missing communications to private@.

That said, does it have the right ~10 subscribers?  Are more appropriate?

It seems that about 1/3 of the httpd PMC are on httpd's list, while most
every tomcat PMC member is on tomcat's list.  The global ASF security team
list is actually smaller than either, and a handful of these are likely to
be ASF officers rather than specific committee members.  [Note that the
ASF-wide list is a firehose of spam, it's not a pleasant place to hang out.]

So if ooo-security grows to 20 that shouldn't be surprising at all, but it
should be deliberate and measured based on specific contributions to finding
or fixing specific security defects, over a number of years.  It's another
list where merit can be helpful in helping it grow over time.

