Posted to dev@fineract.apache.org by Myrle Krantz <my...@apache.org> on 2018/12/05 10:16:26 UTC

Almost no one is subscribed to our security mailing list

Current subscribees are:

* me
* Ed
* Vishwas

Thank you Ed and Vishwas for sharing responsibility for this critical
aspect of our project.

Potential subscribees are anyone who has a committership or is on the PMC
of Fineract.

If you wish to subscribe please write an email to
security-subscribe@fineract.apache.org.  If you have any difficulties,
please write an email to dev@fineract.apache.org to let us know.

Unless people start subscribing, I will ask INFRA to remove the mailing
list.  With so few people subscribed, the security mailing list cannot
serve its purpose, and will be more of a problem than a solution.

Best Regards,
Myrle

Re: Almost no one is subscribed to our security mailing list

Posted by "Zayyad A. Said" <za...@intrasofttechnologies.com>.
Thanks Myrle for that clarification.

With the restrictions to be only viewed by PMC members and committers but
receive emails from all then it's important to maintain the list.

Probably most of us were not aware of it and that's why people had not
subscribed to it.

Regards,


On Wed, Dec 5, 2018, 14:48 Myrle Krantz <my...@apache.org> wrote:

> Hello Zayyad,
>
> Thank you for the excellent question.
>
> The security list is a list that only committers and PMC members can view.
> But anyone can send emails to it.  The security list can be used to report
> security vulnerabilities.  It can also be used to handle responses to those
> vulnerabilities.
>
> If you are wondering how security vulnerabilities are handled at Apache,
> this is an excellent guide:
> https://www.apache.org/security/committers.html
>
> When we started a security list it was to replace the use of the private
> list for planning security responses.  One potential advantage to this
> change is that committers can participate, whereas only PMC members can
> participate on private.
>
> By creating the security list, we offered all of our committers a
> promotion.  : o)
>
> Best Regards,
> Myrle
>
>
> On Wed, Dec 5, 2018 at 11:54 AM Zayyad A. Said <
> zayyad@intrasofttechnologies.com> wrote:
>
> > Dear Myrle,
> >
> > Was the list created to serve a special purpose other than what the dev
> > list serves?
> >
> > It's critical to understand the purpose of the list before one subscribes
> > to it.
> >
> > Kindly enlighten us.
> >
> > Regards,
> >
> > Zayyad A. Said
> > On Wed, Dec 5, 2018, 13:16 Myrle Krantz <my...@apache.org> wrote:
> >
> >> Current subscribees are:
> >>
> >> * me
> >> * Ed
> >> * Vishwas
> >>
> >> Thank you Ed and Vishwas for sharing responsibility for this critical
> >> aspect of our project.
> >>
> >> Potential subscribees are anyone who has a committership or is on the PMC
> >> of Fineract.
> >>
> >> If you wish to subscribe please write an email to
> >> security-subscribe@fineract.apache.org.  If you have any difficulties,
> >> please write an email to dev@fineract.apache.org to let us know.
> >>
> >> Unless people start subscribing, I will ask INFRA to remove the mailing
> >> list.  With so few people subscribed, the security mailing list cannot
> >> serve its purpose, and will be more of a problem than a solution.
> >>
> >> Best Regards,
> >> Myrle
> >>
> >
>

Re: Almost no one is subscribed to our security mailing list

Posted by Ed Cable <ed...@mifos.org>.
Myrle,

I think the reason nobody has subscribed is it probably got buried in the
bottom of that other email thread on Nov 28. I think your email above helps
to clarify the list is now available, who can subscribe and that messages
can be sent to it by any individual.

We should update the Fineract website, correct? I will update the Mifos
website as to the purpose of this additional list.

Ed



On Wed, Dec 5, 2018 at 3:48 AM Myrle Krantz <my...@apache.org> wrote:

> Hello Zayyad,
>
> Thank you for the excellent question.
>
> The security list is a list that only committers and PMC members can
> view.  But anyone can send emails to it.  The security list can be used to
> report security vulnerabilities.  It can also be used to handle responses
> to those vulnerabilities.
>
> If you are wondering how security vulnerabilities are handled at Apache,
> this is an excellent guide:
> https://www.apache.org/security/committers.html
>
> When we started a security list it was to replace the use of the private
> list for planning security responses.  One potential advantage to this
> change is that committers can participate, whereas only PMC members can
> participate on private.
>
> By creating the security list, we offered all of our committers a
> promotion.  : o)
>
> Best Regards,
> Myrle
>
>
> On Wed, Dec 5, 2018 at 11:54 AM Zayyad A. Said <
> zayyad@intrasofttechnologies.com> wrote:
>
>> Dear Myrle,
>>
>> Was the list created to serve a special purpose other than what the dev
>> list serves?
>>
>> It's critical to understand the purpose of the list before one subscribes
>> to it.
>>
>> Kindly enlighten us.
>>
>> Regards,
>>
>> Zayyad A. Said
>> On Wed, Dec 5, 2018, 13:16 Myrle Krantz <my...@apache.org> wrote:
>>
>>> Current subscribees are:
>>>
>>> * me
>>> * Ed
>>> * Vishwas
>>>
>>> Thank you Ed and Vishwas for sharing responsibility for this critical
>>> aspect of our project.
>>>
>>> Potential subscribees are anyone who has a committership or is on the PMC
>>> of Fineract.
>>>
>>> If you wish to subscribe please write an email to
>>> security-subscribe@fineract.apache.org.  If you have any difficulties,
>>> please write an email to dev@fineract.apache.org to let us know.
>>>
>>> Unless people start subscribing, I will ask INFRA to remove the mailing
>>> list.  With so few people subscribed, the security mailing list cannot
>>> serve its purpose, and will be more of a problem than a solution.
>>>
>>> Best Regards,
>>> Myrle
>>>
>>

-- 
*Ed Cable*
President/CEO, Mifos Initiative
edcable@mifos.org | Skype: edcable | Mobile: +1.484.477.8649

*Collectively Creating a World of 3 Billion Maries | *http://mifos.org
<http://facebook.com/mifos>  <http://www.twitter.com/mifos>

Re: Almost no one is subscribed to our security mailing list

Posted by Myrle Krantz <my...@apache.org>.
Hello Zayyad,

Thank you for the excellent question.

The security list is a list that only committers and PMC members can view.
But anyone can send emails to it.  The security list can be used to report
security vulnerabilities.  It can also be used to handle responses to those
vulnerabilities.

If you are wondering how security vulnerabilities are handled at Apache,
this is an excellent guide:
https://www.apache.org/security/committers.html

When we started a security list it was to replace the use of the private
list for planning security responses.  One potential advantage to this
change is that committers can participate, whereas only PMC members can
participate on private.

By creating the security list, we offered all of our committers a
promotion.  : o)

Best Regards,
Myrle


On Wed, Dec 5, 2018 at 11:54 AM Zayyad A. Said <
zayyad@intrasofttechnologies.com> wrote:

> Dear Myrle,
>
> Was the list created to serve a special purpose other than what the dev
> list serves?
>
> It's critical to understand the purpose of the list before one subscribes
> to it.
>
> Kindly enlighten us.
>
> Regards,
>
> Zayyad A. Said
> On Wed, Dec 5, 2018, 13:16 Myrle Krantz <my...@apache.org> wrote:
>
>> Current subscribees are:
>>
>> * me
>> * Ed
>> * Vishwas
>>
>> Thank you Ed and Vishwas for sharing responsibility for this critical
>> aspect of our project.
>>
>> Potential subscribees are anyone who has a committership or is on the PMC
>> of Fineract.
>>
>> If you wish to subscribe please write an email to
>> security-subscribe@fineract.apache.org.  If you have any difficulties,
>> please write an email to dev@fineract.apache.org to let us know.
>>
>> Unless people start subscribing, I will ask INFRA to remove the mailing
>> list.  With so few people subscribed, the security mailing list cannot
>> serve its purpose, and will be more of a problem than a solution.
>>
>> Best Regards,
>> Myrle
>>
>

Re: Almost no one is subscribed to our security mailing list

Posted by "Zayyad A. Said" <za...@intrasofttechnologies.com>.
Dear Myrle,

Was the list created to serve a special purpose other than what the dev
list serves?

It's critical to understand the purpose of the list before one subscribes
to it.

Kindly enlighten us.

Regards,

Zayyad A. Said
On Wed, Dec 5, 2018, 13:16 Myrle Krantz <my...@apache.org> wrote:

> Current subscribees are:
>
> * me
> * Ed
> * Vishwas
>
> Thank you Ed and Vishwas for sharing responsibility for this critical
> aspect of our project.
>
> Potential subscribees are anyone who has a committership or is on the PMC
> of Fineract.
>
> If you wish to subscribe please write an email to
> security-subscribe@fineract.apache.org.  If you have any difficulties,
> please write an email to dev@fineract.apache.org to let us know.
>
> Unless people start subscribing, I will ask INFRA to remove the mailing
> list.  With so few people subscribed, the security mailing list cannot
> serve its purpose, and will be more of a problem than a solution.
>
> Best Regards,
> Myrle
>