[ZF] Need volunteers to work on security issues

Jim Fulton jim at zope.com
Mon Aug 7 13:00:49 EDT 2006

Occasionally, we discover a security issue in Zope that needs to be  
addressed in a timely manner.  There is a too-small informal cadre of  
volunteers who work on security issues.  We need more people involved  
in this to help get this work done and to give us enough resources to  
make sure it gets done well, for example, with tests.  For obvious  
reasons, this needs to be a trusted group of people, who are well  
known within the community.  Also, I'd like to formalize this a bit  
by creating an identified group of people on a mailing list, so that  
there is no question of who to send issues to.  Alternatively, I  
suppose we could use the collectors as the supporters would see  
security issues.  I'm not sure that collectors have worked all that  
well for security issues in the past.

Finally, I think it would be good to get some representation from  
some of the major Zope projects to that representatives can analyze  
and respond to the impact on their projects.

Thoughts?  Volunteers?


Jim Fulton			mailto:jim at zope.com		Python Powered!
CTO 				(540) 361-1714			http://www.python.org
Zope Corporation	http://www.zope.com		http://www.zope.org

More information about the Foundation mailing list