Group Proposal, for further discussion: Vulnerability Group
Andrew Haley
aph at redhat.com
Mon Feb 26 08:19:44 UTC 2018
On 21/02/18 06:04, John Coomes wrote:
> First, is it the intent of the Group to allow sharing of vulnerability
> fixes ("Confidential Information" is the term used in the NDLA) among
> Members via means other than the mailing list? Second, more specifically,
> would a repository shared exclusively among Members be an acceptable means
> of sharing vulnerability fixes?
>
> If the answer to either of the above is yes, it would be helpful to amend
> the NDLA to make that clear.

We don't want to overly restrict the means we use to communicate.
Getting the legal agreement changed once it's signed will be extremely
difficult.

Having said that, a single shared repository that contains all of our
most secret information and its entire history doesn't immediately
sound to me like a good idea if we can avoid it. Whatever we do, we
must agree to it as a group, with help and advice from other security
experts.

--
Andrew Haley
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671