oss-sec mailing list archives

Re: CVE-2022-24706: Apache CouchDB: Remote Code Execution Vulnerability in Packaging


From: Jan Lehnardt <jan () apache org>
Date: Mon, 9 May 2022 12:36:58 +0200


On 9. May 2022, at 11:46, Archange <archange () activis me> wrote:

On 09/05/2022 at 13:41, Jan Lehnardt wrote:
Hi Bruno,

first of all, thanks for maintaining CouchDB for Arch. Secondly, for any security-related questions, please do not
hesitate to contact security () couchdb apache org instead of any one of the team individually, as we can’t know if
any of us is available at all times (vacations and whatnot :)

Sure, you should put this address in copy when posting to oss-security then, so you would be sure people reply to 
that one too. ;)

This is automated by ASF infrastructure, I sadly have no say over this. But maybe we can add a footer with the address next
time :)


As for your questions, see this PR to our packaging infrastructure for how we handle this on Debian and
CentOS/Rocky: https://github.com/apache/couchdb-pkg/pull/92/files

Thanks, so you use a default env file to set the variable and allow people to easily change it in the case of a 
clustered setup. Will do so as well then!


Perfect, thanks!
Jan
—

