incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ross Gardler <rgard...@opendirective.com>
Subject Re: Extraordinary OpenOffice security patch (Was: [Incubator Wiki] Update of "April2012" by robweir)
Date Thu, 12 Apr 2012 22:00:03 GMT
On 12 April 2012 22:20, Rob Weir <robweir@apache.org> wrote:
> On Thu, Apr 12, 2012 at 5:08 PM, Dave Fisher <dave2wave@comcast.net> wrote:

...

>> Normally a podling will set the PMC as part the graduation resolution. Perhaps the
AOO PPMC membership needs to be revised sooner. Any advice?

...

> I have no doubts that as a TLP the AOO PMC will shed 30%+ of the
> current membership.  That would take care of the names of people who
> signed up, returned the ICLA but then have not been heard of since.  I
> think we can reach the point where matters of some sensitivity can be
> shared more broadly on ooo-private.

I agree, you saved me some time in my reply.

Any culling of the PPMC should, IMHO as a mentor, be done in the same
way we would for any other project. That is those who have not
participated in the community will not form a part of the PMC. It is
possible that we will start this process a little early with the AOO
project since it is so large. However, at least for me, the idea of
doing this before the project has a release to work on seems strange.

I am strongly -1 against doing it because of a misunderstanding about
why some people feel excluded from the handling of this security
issue. As Rob puts it...

> This is not about
> trust.  It is about compartmentalization,  In other words, the
> security list is about security.

This is really important yet seems to be repeatedly missed.

I've said many times both here and on AOO lists - nobody was
explicitly *excluded* because of a lack of trust. Some people were
explicitly *included* because their input was needed. I've enumerated
that list of participants in this very thread as well as in others
elsewhere.

I invite the IPMC to consider whether we excluded the board members
who are also AOO mentors because we didn't trust them? Of course not
and the same goes for everyone else who we chose not to include.

I will note that I, as a mentor, felt safe in the knowledge that those
not included in my communications about this issue were cable of
exercising their right to monitor the ooo-security list or the
legal-internal list. If they were monitoring either list then they
knew about our actions.My understanding is that Dave, as a mentor and
representative of the IPMC, has chosen not to monitor those lists and
therefore feels excluded . I would argue that there is a world of
difference between those "in the know" choosing who in the IPMC and
the broader ASF to explicitly include (which is what we did) compared
to choosing who to exclude (which we did not do).

I will note that the same argument cannot be made for PPMC members who
feel excluded. It is good to note that Rob has, presumably as a result
of this thread, proposed a few new members of the ooo-security list.
Any PPMC member feeling they are left out should ask for consideration
on the ooo lists, this is not a matter for the IPMC to resolve.

Ross

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org


Mime
View raw message