Thanks.
In the meantime, comments on the security policy would be
appreciated.
Wayne
On 05/26/2011 03:21 PM, John Arthorne wrote:
Hi Wayne,
We have started discussing this and
we'll try to get consensus in our next PMC call (June 1). Once we
have
decided on our general approach we should be able to get most of
those
bugs disclosed promptly.
John
Greetings Eclipse PMC. There are several bugs marked
"committer-only" in
Bugzilla [1]; some have been so-marked for quite a while. These
need to
be disclosed at some point.
I have posted a draft of a security policy [2]. In the policy, I
have
suggested a minimum time-to-disclose of three months. But I have
left
considerable latitude for the PMC to make their own policy
decisions.
How do you plan to handle these bugs?
Your comments on the Security Policy are most welcome. Please
post your
comments on Bug 337004 [3].
Thanks,
Wayne
[1]
https://bugs.eclipse.org/bugs/buglist.cgi?query_format=advanced;field0-0-0=bug_group;type0-0-0=equals;value0-0-0=Security_Advisories;classification=Eclipse
[2]
http://www.eclipse.org/security/policy.php
[3]
https://bugs.eclipse.org/bugs/show_bug.cgi?id=337004
_______________________________________________
eclipse-pmc mailing list
eclipse-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse-pmc
_______________________________________________
eclipse-pmc mailing list
eclipse-pmc@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/eclipse-pmc
|