Group Proposal, for discussion: Vulnerability Group
Mario Torre
neugens.limasoftware at gmail.com
Thu Aug 24 17:53:02 UTC 2017
Hi Mark!
This is fantastic news, thanks for moving this forward!
My only complaint is that now I have one argument less for FOSDEM ;)
Cheers,
Mario
2017-08-24 17:49 GMT+02:00 <mark.reinhold at oracle.com>:
> (This is not a call for votes; it is just a call for discussion.)
>
> The Governing Board has been discussing the creation of a Vulnerability
> Group for a while now. This new Group is intended to be a secure,
> private forum in which trusted members of the OpenJDK Community can
> receive reports of vulnerabilities in OpenJDK code bases, review them,
> collaborate on fixing them, and coordinate the release of such fixes.
>
> This Group will be unusual in several respects, due to the sensitive
> nature of its work: Membership will be more selective, there will be a
> strict communication policy, and members (or their employers) will need
> to sign a non-disclosure and license agreement. These requirements do,
> strictly speaking, violate the OpenJDK Bylaws. The Governing Board has
> discussed this, however, and I expect that the Board will approve the
> creation of this Group with these exceptional requirements.
>
> I've posted a detailed proposal for the Vulnerability Group here:
>
> http://cr.openjdk.java.net/~mr/ojvg/
>
> That document contains a link to a draft of the non-disclosure and
> license agreement.
>
> The initial Lead of the Vulnerability Group will be Andrew Gross, who
> leads Oracle's internal Java Vulnerability Team.
>
> Comments?
>
> - Mark
--
pgp key: http://subkeys.pgp.net/ PGP Key ID: 80F240CF
Fingerprint: BA39 9666 94EC 8B73 27FA FC7C 4086 63E3 80F2 40CF
Java Champion - Blog: http://neugens.wordpress.com - Twitter: @neugens
Proud GNU Classpath developer: http://www.classpath.org/
OpenJDK: http://openjdk.java.net/projects/caciocavallo/
Please, support open standards:
http://endsoftpatents.org/