I love the way you phrased this, httpd should steal this for our site :)
Bill
[EMAIL PROTECTED] wrote:
Author: markt
Date: Thu Aug 14 03:07:25 2008
New Revision: 685838
URL: http://svn.apache.org/viewvc?rev=685838&view=rev
Log:
Make purpose of security mailing list even clearer. Could now just provide a
link to this page in response to non-issue mails to the security address.
Modified:
tomcat/site/trunk/docs/security.html
tomcat/site/trunk/xdocs/security.xml
Modified: tomcat/site/trunk/docs/security.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security.html?rev=685838&r1=685837&r2=685838&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security.html (original)
+++ tomcat/site/trunk/docs/security.html Thu Aug 14 03:07:25 2008
@@ -262,17 +262,36 @@
<p>The Apache Software Foundation takes a very active stance in eliminating
security problems and denial of service attacks against Apache Tomcat.
</p>
+
<p>We strongly encourage folks to report such problems to our private
security mailing list first, before disclosing them in a public
forum.</p>
<p>
-<strong>We cannot accept regular bug reports or other queries at this
- address, we ask that you use our <a href="bugreport.html">bug reporting
- page</a> for those. All mail sent to this address that does not relate
to
- security problems in the Apache Tomcat source code will be ignored.
- </strong>
+<strong>Please note that the security mailing list should only be used
+ for reporting undisclosed security vulnerabilities in Apache Tomcat and
+ managing the process of fixing such vulnerabilities. We cannot accept
+ regular bug reports or other queries at this address. All mail sent to
+ this address that does not relate to an undisclosed security problem in
+ the Apache Tomcat source code will be ignored.</strong>
</p>
- <p>The mailing address is: <a href="mailto:[EMAIL PROTECTED]">
+
+ <p>If you need to report a bug that isn't an undisclosed security
+ vulnerability, please use the <a href="bugreport.html">bug reporting
+ page</a>.</p>
+
+ <p>Questions about:</p>
+ <ul>
+ <li>how to configure Tomcat securely</li>
+ <li>if a vulnerability applies to your particular application</li>
+ <li>obtaining further information on a published vulnerability</li>
+ <li>availability of patches and/or new releases</li>
+ </ul>
+ <p>should be address to the users mailing list. Please see the
+ <a href="lists.html">mailing lists</a> page for details of how to
+ subscribe.</p>
+
+ <p>The private security mailing address is:
+ <a href="mailto:[EMAIL PROTECTED]">
[EMAIL PROTECTED]</a>
</p>
Modified: tomcat/site/trunk/xdocs/security.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security.xml?rev=685838&r1=685837&r2=685838&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security.xml (original)
+++ tomcat/site/trunk/xdocs/security.xml Thu Aug 14 03:07:25 2008
@@ -48,15 +48,34 @@
<p>The Apache Software Foundation takes a very active stance in eliminating
security problems and denial of service attacks against Apache Tomcat.
</p>
+
<p>We strongly encourage folks to report such problems to our private
security mailing list first, before disclosing them in a public
forum.</p>
- <p><strong>We cannot accept regular bug reports or other queries at this
- address, we ask that you use our <a href="bugreport.html">bug reporting
- page</a> for those. All mail sent to this address that does not relate
to
- security problems in the Apache Tomcat source code will be ignored.
- </strong></p>
- <p>The mailing address is: <a href="mailto:[EMAIL PROTECTED]">
+ <p><strong>Please note that the security mailing list should only be used
+ for reporting undisclosed security vulnerabilities in Apache Tomcat and
+ managing the process of fixing such vulnerabilities. We cannot accept
+ regular bug reports or other queries at this address. All mail sent to
+ this address that does not relate to an undisclosed security problem in
+ the Apache Tomcat source code will be ignored.</strong></p>
+
+ <p>If you need to report a bug that isn't an undisclosed security
+ vulnerability, please use the <a href="bugreport.html">bug reporting
+ page</a>.</p>
+
+ <p>Questions about:</p>
+ <ul>
+ <li>how to configure Tomcat securely</li>
+ <li>if a vulnerability applies to your particular application</li>
+ <li>obtaining further information on a published vulnerability</li>
+ <li>availability of patches and/or new releases</li>
+ </ul>
+ <p>should be address to the users mailing list. Please see the
+ <a href="lists.html">mailing lists</a> page for details of how to
+ subscribe.</p>
+
+ <p>The private security mailing address is:
+ <a href="mailto:[EMAIL PROTECTED]">
[EMAIL PROTECTED]</a></p>
<p>Note that all networked servers are subject to denial of service attacks,
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
