While some people use tomcat-dev (or even bugzilla), [EMAIL PROTECTED] is the preferred address. There are Tomcat developers on that list, and posting there allows the patch to get posted (usually a few hours) before all of the black-hats know about it.
Personally, I'd prefer that you post to [EMAIL PROTECTED], since Apache is strongly committed to closing security holds. However, I'd understand if you choose to post to tomcat-dev as well. ----- Original Message ----- From: "Christopher Todd" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, September 07, 2002 4:43 PM Subject: reporting security problems > According to the Jakarta website, security problems for Jakarta projects > should be reported to [EMAIL PROTECTED] > > A colleague of mine and I are researching a potential security issue in > Tomcat, and I wanted to confirm that we should use [EMAIL PROTECTED] to > report the issue, once our research is complete. Is there a different > address that is preferred for reporting and/or discussing Tomcat security > issues? > > Chris > > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
