You are viewing a plain text version of this content. The canonical link for it is here.
Posted to general@jakarta.apache.org by Ortwin Glück <od...@odi.ch> on 2005/11/04 09:58:17 UTC
when to post to security list?
Hi,
could anybody tell me in which case a security problem needs to be
posted to security at apache.org? Is there a web page?
Thanks
Ortwin
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: when to post to security list?
Posted by Yoav Shapira <yo...@apache.org>.
Hi,
security@apache.org is general: they will delegate to the appropriate mailing
list, e.g. security@tomcat.apache.org, as needed.
Don't publish something before you run it by security@apache.org, please ;)
Yoav
--- Ortwin Glück <od...@odi.ch> wrote:
> Yoav,
>
> Sorry, stupid me didn't know security@apache was for httpd only. I guess
> then every project has to maintain it's own security mail address if it
> needs that. I also guess there is no central handling of security issues
> for all ASF projects. I further guess publishing of vulnerabilities is
> completely up to the committers. Correct me if I am wrong.
>
> Cheers
>
> Odi
>
> Yoav Shapira wrote:
> > Ortwin,
> > There are general guidelines at
> http://httpd.apache.org/security_report.html.
> > Basically, if you suspect a security issue, let security@apache.org know.
> Let
> > them worry about filtering it and possibly coming back to you with a
> message
> > like "no, this is not an issue, because..." ;)
> >
> > Yoav
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
>
Yoav Shapira
System Design and Management Fellow
MIT Sloan School of Management
Cambridge, MA, USA
yoavs@computer.org / www.yoavshapira.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: when to post to security list?
Posted by Ortwin Glück <od...@odi.ch>.
Yoav,
Sorry, stupid me didn't know security@apache was for httpd only. I guess
then every project has to maintain it's own security mail address if it
needs that. I also guess there is no central handling of security issues
for all ASF projects. I further guess publishing of vulnerabilities is
completely up to the committers. Correct me if I am wrong.
Cheers
Odi
Yoav Shapira wrote:
> Ortwin,
> There are general guidelines at http://httpd.apache.org/security_report.html.
> Basically, if you suspect a security issue, let security@apache.org know. Let
> them worry about filtering it and possibly coming back to you with a message
> like "no, this is not an issue, because..." ;)
>
> Yoav
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org
Re: when to post to security list?
Posted by Yoav Shapira <yo...@apache.org>.
Ortwin,
There are general guidelines at http://httpd.apache.org/security_report.html.
Basically, if you suspect a security issue, let security@apache.org know. Let
them worry about filtering it and possibly coming back to you with a message
like "no, this is not an issue, because..." ;)
Yoav
--- Ortwin Glück <od...@odi.ch> wrote:
> Hi,
>
> could anybody tell me in which case a security problem needs to be
> posted to security at apache.org? Is there a web page?
>
> Thanks
>
> Ortwin
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: general-help@jakarta.apache.org
>
>
Yoav Shapira
System Design and Management Fellow
MIT Sloan School of Management
Cambridge, MA, USA
yoavs@computer.org / www.yoavshapira.com
---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@jakarta.apache.org
For additional commands, e-mail: general-help@jakarta.apache.org