[ZF] Need volunteers to work on security issues

Christian Theune ct at gocept.com
Mon Aug 7 15:42:57 EDT 2006


Jim Fulton wrote:
> Occasionally, we discover a security issue in Zope that needs to be 
> addressed in a timely manner.  There is a too-small informal cadre of 
> volunteers who work on security issues.  We need more people involved in 
> this to help get this work done and to give us enough resources to make 
> sure it gets done well, for example, with tests.  For obvious reasons, 
> this needs to be a trusted group of people, who are well known within 
> the community.  Also, I'd like to formalize this a bit by creating an 
> identified group of people on a mailing list, so that there is no 
> question of who to send issues to.  Alternatively, I suppose we could 
> use the collectors as the supporters would see security issues.  I'm not 
> sure that collectors have worked all that well for security issues in 
> the past.
> Finally, I think it would be good to get some representation from some 
> of the major Zope projects to that representatives can analyze and 
> respond to the impact on their projects.
> Thoughts?  Volunteers?

Great idea, especially the mailinglist as a well known public contact. I 
volunteer as well.


gocept gmbh & co. kg - forsterstraße 29 - 06112 halle/saale - germany
www.gocept.com - ct at gocept.com - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development

More information about the Foundation mailing list