Chuck Murcko wrote:

> There's currently a call for project committers to be on the
> [EMAIL PROTECTED] list. This list intends to be the clearinghouse for
> all ASF project related security issues, not just httpd.
> 
> Costin, Craig, et al.: the deal seems to be that each major project
> version have someone who's a committer subscribed as a project liaison.
> So it might make sense if you both signed up, or if other committers
> wanted to step forward...I would leave that to you all to figure out.
> 
> Not to short-circuit a Tomcat committers list, because there may well be
> issues other than security to deal with, and it would make sense to have
> information flow between security@ and a proposed tomcat-committers@
> anyway (I'm thinking the detailed hashing of fixes would happen on the
> latter list).

Regarding [EMAIL PROTECTED] - I think that all who play the role of 
release manager should be on the list ( i.e. Remy, Larry, Mladen, Henri).
It seems to be open for a limited number of 'liaisons' ( I hope it
is more than one, as we have several major components ).

My preference is that any tomcat committer who is interested be able
to get this info and discuss ( and hopefully fix ) tomcat security
issues. I hope that whoever gets the security messages will fix them or
forward them to tomcat-committers - but that's of course his choice.

If the apache list is open to any committer - I'll certainly subscribe
( and I hope most active tomcat committers will do the same ! ),
but that doesn't remove the need for a private list for tomcat
committers.

Costin


