Alessandra Forti wrote:
> I think that an easy way out of this could be that all the
> administrators _registered_ in the GOC DB have access to savannah, or
> since savannah sends emails, lcg-security-contacts mailing list is added
> to the list of receipients. This last solution is more appealing for me
> for maintainance reasons. The list will be dynamically created from the
> GOC DB and admins/security contacts have to register only in one place;
> and when they leave the project they have to be removed only from one
> place.
Hello Alessandra,
I've been exchanging emails with Ian Neilson, who has been extremely
helpful in getting me set up so that I can access the
project-lcg-security-contacts mailing list archives. (Thanks, Ian!)
However, there are a lot of messages in there -- I don't think providing
access to the mailing list archives (whilst definitely useful) should be
considered a substitute for keeping a single, central record of all
(expired) security bugs.
(Looking through some of the "issues that have passed the target time"
messages detailing newly-published bugs, I am rather concerned with how
these bugs are being handled, but that is another discussion entirely.)
Cheers,
David
--
David McBride <[log in to unmask]>
Department of Computing, Imperial College, London
|