[OPEN-ILS-DEV] Security team coordination

Galen Charlton gmc at esilibrary.com
Wed Dec 22 11:14:13 EST 2010


Hi,

On Dec 21, 2010, at 1:32 PM, Mike Rylander wrote:
> So, to that end, I would like to propose the creation of an
> open-ils-security mailing list.  

+1

> Ideas for alternate methods of communication amongst security team
> members are welcome, so if you can think of something that would work
> better for those that will be on the team and have less overhead,
> please reply here!

I think a moderated, private mailing list is fine -- traffic will hopefully be low, so I would not anticipate that it would cause any significant overhead.  All of the members of the security team are presumably used to drinking from the open-ils-dev firehose anyway.

One thing that we should discuss is a policy for the archives of the security mailing list.  I propose that the mailing list be publicly archived but under a one-year embargo.  This would allow communications to be transparent (ultimately) and provide an incentive to not let security issues sit fallow while allowing us to try to release fixes for major security issues before exploits are published.

Regards,

Galen
--
Galen Charlton
VP, Data Services
Equinox Software, Inc. / Your Library's Guide to Open Source
email:  gmc at esilibrary.com
direct: +1 352-215-7548
skype:  gmcharlt
web:    http://www.esilibrary.com/


