Return-Path: 
 <general-return-35397-apmail-incubator-general-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-general-archive@www.apache.org
Delivered-To: apmail-incubator-general-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 1AD5796C7
	for <apmail-incubator-general-archive@www.apache.org>;
 Thu, 12 Apr 2012 22:01:12 +0000 (UTC)
Received: (qmail 92203 invoked by uid 500); 12 Apr 2012 22:01:11 -0000
Delivered-To: apmail-incubator-general-archive@incubator.apache.org
Received: (qmail 91932 invoked by uid 500); 12 Apr 2012 22:01:11 -0000
Mailing-List: contact general-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:general-help@incubator.apache.org>
List-Unsubscribe: <mailto:general-unsubscribe@incubator.apache.org>
List-Post: <mailto:general@incubator.apache.org>
List-Id: <general.incubator.apache.org>
Reply-To: general@incubator.apache.org
Delivered-To: mailing list general@incubator.apache.org
Received: (qmail 91923 invoked by uid 99); 12 Apr 2012 22:01:10 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Apr 2012 22:01:10 +0000
X-ASF-Spam-Status: No, hits=-0.7 required=5.0
	tests=RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of rgardler@opendirective.com
 designates 209.85.212.177 as permitted sender)
Received: from [209.85.212.177] (HELO mail-wi0-f177.google.com)
 (209.85.212.177)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 12 Apr 2012 22:01:04 +0000
Received: by wibhj13 with SMTP id hj13so1893831wib.0
        for <general@incubator.apache.org>;
 Thu, 12 Apr 2012 15:00:43 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=opendirective.com; s=opendirective;
        h=mime-version:x-originating-ip:in-reply-to:references:from:date
         :message-id:subject:to:content-type:content-transfer-encoding;
        bh=sX34gg9h0moez9ySx6En/CnxIuGJMMtNZrLhbLrurjE=;
        b=FS8FHsyZjf+qzVHW7QH++RpfnzdNwWjH0vsu8TgFzrvhAVPpJYiLbl0S2StIM7nvaZ
         dzho30mHmj3tTdJHbd+j7uGe/+s8Mip9cbPUqB8kkUO3VtpryeKYZykaz8na3LT6FDB+
         MYkme8v8uxFSNRJS7hNiE1zpeYNUiE2N/64s4=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20120113;
        h=mime-version:x-originating-ip:in-reply-to:references:from:date
         :message-id:subject:to:content-type:content-transfer-encoding
         :x-gm-message-state;
        bh=sX34gg9h0moez9ySx6En/CnxIuGJMMtNZrLhbLrurjE=;
        b=kl7tcfdQBOW3Js2FVzdrc0MSRFXrYFKDiDF+2PRLFrHgMYjkgLcPzz+KvEcRnH+7/g
         SCA3nvnGR4Fe32Gs8aDNI5ucb76LAnSub8mo723VTHu08S+kXsGFTOGqI5ks+AOaIbcv
         9tfbnsORoiD3H9I1q6obRgfT3s9ZQV9lx877Fwu47fhNknSV3yMjPYOZyGEp/pvhCoMi
         uKNVCGD0x3SSypE+3slMG5UGcj9X/Ehiewf35vjnUIbwfE+A2itTOe5f7bPmpQ10y2xE
         eFSz/y6HRcfD/1uTf6fLQf3Qk1TySAVp3porNHHoA2/EdMV//rdp7QWifO6lVP+ZO/+N
         8vEA==
Received: by 10.216.194.102 with SMTP id l80mr2476413wen.1.1334268043711; Thu,
 12 Apr 2012 15:00:43 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.180.163.197 with HTTP; Thu, 12 Apr 2012 15:00:03 -0700 (PDT)
X-Originating-IP: [86.152.200.255]
In-Reply-To: 
 <CAP-ksoiBoF1VqsvihpuY5eQgHQB55fEnr_7vNZ_M-Drp1f1u6w@mail.gmail.com>
References: 
 <CAOFYJNb7NsegxPoWCvp8p2SnmAPrw15jk0aNxmmgt7rhNq+9RA@mail.gmail.com>
 <4F866B7D.7050301@rowe-clan.net>
 <AD1F4C16-EBE4-487F-B2EF-2A7E44F32DDE@comcast.net>
 <CAKQbXgDn5dqK=t2oNoF2YCCG8ZpzBaYiZBE+K-mW4rxygqOtRg@mail.gmail.com>
 <CAJO+UbuUokbvbEpiY+yd7no23DnnPMVEyZ_faPhDm3yB=kAEmw@mail.gmail.com>
 <CAKQbXgBQbrJYBdf6UM9QfXf4dCZuUj21L5mjNMATgzt5+DPKWQ@mail.gmail.com>
 <CAKQbXgDOom6y929TZRyjtQzHNrF0Z+aFO=0k1AHpnP3yWPOV=A@mail.gmail.com>
 <CAJO+UbsBcBQg_NstOXXmv332teqFN4D_YRQ+yy8qh9QQuxj9Lg@mail.gmail.com>
 <00d201cd18c9$e7d2fdf0$b778f9d0$@acm.org>
 <CAKQbXgCDSw3+CgfJrm7446+Y4Er9CDksud87U-q-vNyeO90yGQ@mail.gmail.com>
 <015701cd18e6$ec90cdf0$c5b269d0$@acm.org>
 <CB51D225-6752-42C6-B441-17F340EB12CA@comcast.net>
 <CAP-ksoiBoF1VqsvihpuY5eQgHQB55fEnr_7vNZ_M-Drp1f1u6w@mail.gmail.com>
From: Ross Gardler <rgardler@opendirective.com>
Date: Thu, 12 Apr 2012 23:00:03 +0100
Message-ID: 
 <CAKQbXgAHdt-U_xZ89PbE7oagt5kqzPZwTmhmba6CJbdhfrYt=Q@mail.gmail.com>
Subject: Re: Extraordinary OpenOffice security patch (Was: [Incubator Wiki]
 Update of "April2012" by robweir)
To: general@incubator.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Gm-Message-State: 
 ALoCoQmqdwmHDrcwSynbZWpxyiSCM6GIleZAH/wYPMh91LrJlg3BDyoNYYQYRyfH1cV3+kbIi50i
X-Virus-Checked: Checked by ClamAV on apache.org

On 12 April 2012 22:20, Rob Weir <robweir@apache.org> wrote:
> On Thu, Apr 12, 2012 at 5:08 PM, Dave Fisher <dave2wave@comcast.net> wrot=
e:

...

>> Normally a podling will set the PMC as part the graduation resolution. P=
erhaps the AOO PPMC membership needs to be revised sooner. Any advice?

...

> I have no doubts that as a TLP the AOO PMC will shed 30%+ of the
> current membership. =A0That would take care of the names of people who
> signed up, returned the ICLA but then have not been heard of since. =A0I
> think we can reach the point where matters of some sensitivity can be
> shared more broadly on ooo-private.

I agree, you saved me some time in my reply.

Any culling of the PPMC should, IMHO as a mentor, be done in the same
way we would for any other project. That is those who have not
participated in the community will not form a part of the PMC. It is
possible that we will start this process a little early with the AOO
project since it is so large. However, at least for me, the idea of
doing this before the project has a release to work on seems strange.

I am strongly -1 against doing it because of a misunderstanding about
why some people feel excluded from the handling of this security
issue. As Rob puts it...

> This is not about
> trust. =A0It is about compartmentalization, =A0In other words, the
> security list is about security.

This is really important yet seems to be repeatedly missed.

I've said many times both here and on AOO lists - nobody was
explicitly *excluded* because of a lack of trust. Some people were
explicitly *included* because their input was needed. I've enumerated
that list of participants in this very thread as well as in others
elsewhere.

I invite the IPMC to consider whether we excluded the board members
who are also AOO mentors because we didn't trust them? Of course not
and the same goes for everyone else who we chose not to include.

I will note that I, as a mentor, felt safe in the knowledge that those
not included in my communications about this issue were cable of
exercising their right to monitor the ooo-security list or the
legal-internal list. If they were monitoring either list then they
knew about our actions.My understanding is that Dave, as a mentor and
representative of the IPMC, has chosen not to monitor those lists and
therefore feels excluded . I would argue that there is a world of
difference between those "in the know" choosing who in the IPMC and
the broader ASF to explicitly include (which is what we did) compared
to choosing who to exclude (which we did not do).

I will note that the same argument cannot be made for PPMC members who
feel excluded. It is good to note that Rob has, presumably as a result
of this thread, proposed a few new members of the ooo-security list.
Any PPMC member feeling they are left out should ask for consideration
on the ooo lists, this is not a matter for the IPMC to resolve.

Ross

---------------------------------------------------------------------
To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
For additional commands, e-mail: general-help@incubator.apache.org