Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [glassfish-dev] Glassfish project committers and EF Gitlab
Hi Marta,

I would like to know about other options, because I think that some committers are not much interested about all GlassFish issues and they target just parts of the GlassFish projects. For example Petr Aubrecht did lot of work related to adoption of the Jakarta Concurrency, but if he still didn't log in to GitLab, I expect he doesn't care about GitLab issues. I asked him now to do that for sure, but I don't have direct contact to all these people.

I think we are also able to specify a list of committers who would like to read and react to vulnerability reports if this would be an option. The disadvantage would be that it would be another list to maintain so we will try to do the cleanup first.
-- 
David Matejcek | OmniFish
david.matejcek@xxxxxxxxxxx
On 23. 07. 24 10:40, Hiroki Sawamura (Fujitsu) wrote:
HI

For now, it would be best to make the vulnerability report accessible to GlassFish committers who have GitLab accounts.

Kind regards,
Hiroki

From: glassfish-dev <glassfish-dev-bounces@xxxxxxxxxxx> On Behalf Of Marta Rybczynska via glassfish-dev
Sent: Tuesday, July 23, 2024 4:37 PM
To: david.matejcek@xxxxxxxxxxx; glassfish developer discussions <glassfish-dev@xxxxxxxxxxx>
Cc: Marta Rybczynska <marta.rybczynska@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [glassfish-dev] Glassfish project committers and EF Gitlab

Hello David and team,
I leave a solution to the Glassfish project team, you are the best ones to know how to handle it. What the Security Team needs to know is whom to add to security tickets. In your case, there is a big number of committers, and probably not everyone is needed for each issue. Please discuss between you, and tell us what is the way to follow. The Glassfish project is receiving vulnerability reports regularly (what is a good thing: a sign that there are users!) so it is good to have the best set of people for resolving them from the first day. We can have a chat/video call if you want to discuss options and procedures.

Kind regards,
Marta

On Mon, Jul 22, 2024 at 7:18 PM David Matejcek via glassfish-dev <mailto:glassfish-dev@xxxxxxxxxxx> wrote:
Hi, 

we discussed some time ago that we should do some cleanup in committers - some names are really inactive, some do PRs once per year, and we can ask the rest to do the login in a month?
Also - is it a problem just to not add people missing in GitLab?

Back to the top