[OPEN-ILS-DEV] Security team coordination
Jason Stephenson
jstephenson at mvlc.org
Sun Dec 26 19:05:52 EST 2010
Quoting Galen Charlton <gmc at esilibrary.com>:
> Hi,
>
> On Dec 21, 2010, at 1:32 PM, Mike Rylander wrote:
>> So, to that end, I would like to propose the creation of an
>> open-ils-security mailing list.
>
> +1
Another, belated +1.
>
>> Ideas for alternate methods of communication amongst security team
>> members are welcome, so if you can think of something that would work
>> better for those that will be on the team and have less overhead,
>> please reply here!
>
> I think a moderated, private mailing list is fine -- traffic will
> hopefully be low, so I would not anticipate that it would cause any
> significant overhead. All of the members of the security team are
> presumably used to drinking from the open-ils-dev firehose anyway.
>
> One thing that we should discuss is a policy for the archives of the
> security mailing list. I propose that the mailing list be publicly
> archived but under a one-year embargo. This would allow
> communications to be transparent (ultimately) and provide an
> incentive to not let security issues sit fallow while allowing us to
> try to release fixes for major security issues before exploits are
> published.
+1
>
> Regards,
>
> Galen
> --
> Galen Charlton
> VP, Data Services
> Equinox Software, Inc. / Your Library's Guide to Open Source
> email: gmc at esilibrary.com
> direct: +1 352-215-7548
> skype: gmcharlt
> web: http://www.esilibrary.com/
>
>
More information about the Open-ils-dev
mailing list