incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ant elder <ant.el...@gmail.com>
Subject Re: Extraordinary OpenOffice security patch (Was: [Incubator Wiki] Update of "April2012" by robweir)
Date Thu, 12 Apr 2012 09:04:17 GMT
On Thu, Apr 12, 2012 at 9:36 AM, Ross Gardler
<rgardler@opendirective.com> wrote:
> On 12 April 2012 09:27, Ross Gardler <rgardler@opendirective.com> wrote:
>> On 12 April 2012 08:59, ant elder <ant.elder@gmail.com> wrote:
>>> On Thu, Apr 12, 2012 at 8:37 AM, Ross Gardler
>>> <rgardler@opendirective.com> wrote:
>>>> On 12 April 2012 07:48, Dave Fisher <dave2wave@comcast.net> wrote:
>>>>
>>>> ...
>>>>
>>>>> Sorry, I can't remain mute, but I offended anyone, sorry, but this was
wrongly done. I don't know a better way....
>>>>
>>>> As one of the "inner circle" I am not offended. All your points are
>>>> valid. Thank you for sharing them.
>>>>
>>>> This was the first and, in all likelihood the last time such an
>>>> unusual circumstance will arise. There is no right or wrong way of
>>>> handling these things.
>>>>
>>>> Had we included x then y would have felt excluded, this is what we are
>>>> seeing here. However, the line must be drawn somewhere.
>>>>
>>>
>>> Surely at the ASF the line is at PMC membership. If only a subset of
>>> the PPMC is trusted enough to be part of some inner circle then the
>>> PPMC should be disbanded and reformed from just that inner circle.
>>
>> This is a podling with a very unusual history. it is not as simple as
>> that. However, your general observation is a valid one. The time for
>> addressing this is during incubation when it becomes possible to
>> determine who is contributing positively to the running of the PPMC.
>
> I should also point out that the perception that information was kept
> to a limited group implies mistrust of PPMC members is *false*. The
> PPMC have an appointed security team just as many top level PMCs do
> that team is tasked with handling security issues and it did so in
> this case.
>
> As has been noted, this was *not* an ASF release, only one
> *facilitated* by the ASF in the interests of supporting legacy users
> of a project that has come to incubation. It is a very unusual
> situation to which normal ASF policy does not apply. Handling it
> outside normal ASF processes does not imply a problem with those
> processes or the PPMC.
>
> Ross
>

Ross, I'm not trying to stick an oar in or anything and i don't know
the details of what was done other than whats in this thread here, it
just seems odd to me and it seems like there is some acknowledgement
that this wasn't done perfectly so we the Incubator PMC should
understand what happened. Sure there are other security teams but
AFAIK they operate in conjunction with PMCs and keep PMCs in the loop
that something is going on just withholding precise details of the
vulnerability.

   ...ant

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message