Re: [eclipse-pmc] Disclosing resolved vulnerabilities

Hi Wayne,

We have started discussing this and we'll try to get consensus in our next PMC call (June 1). Once we have decided on our general approach we should be able to get most of those bugs disclosed promptly.


Wayne Beaton <emo@xxxxxxxxxxx>
Sent by: eclipse-pmc-bounces@xxxxxxxxxxx
05/25/2011 03:12 PM
Please respond to: "eclipse-pmc@xxxxxxxxxxx" <eclipse-pmc@xxxxxxxxxxx>
Subject: [eclipse-pmc] Disclosing resolved vulnerabilities

Greetings Eclipse PMC. There are several bugs marked "committer-only" in
Bugzilla [1]; some have been so-marked for quite a while. These need to
be disclosed at some point.

I have posted a draft of a security policy [2]. In the policy, I have
suggested a minimum time-to-disclose of three months. But I have left
considerable latitude for the PMC to make their own policy decisions.

How do you plan to handle these bugs?

Your comments on the Security Policy are most welcome. Please post your
comments on Bug 337004 [3].


