incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Shahaf <...@daniel.shahaf.name>
Subject Re: Population of ooo-security
Date Thu, 28 Jul 2011 22:24:40 GMT
We have processes, but we don't stick to them blindly.

Rob Weir wrote on Thu, Jul 28, 2011 at 18:17:14 -0400:
> On Thu, Jul 28, 2011 at 5:41 PM, Florian Effenberger
> <floeff@documentfoundation.org> wrote:
> > Hello,
> >
> > Dennis E. Hamilton wrote on 2011-07-28 22:04:
> >>
> >> I support Malte's recommendation to add two individuals that are currently
> >> in-common with respect to OpenOffice.org (traditional) and LibreOffice.
> >
> > I must confess I find it really strange that policies seem to be changed
> > here.
> >
> 
> And I'm sure there would be people at Apache that would think it
> strange if we started doing things differently than every other Apache
> project does it.
> 
> > We had a good team at OpenOffice.org working on various security aspects
> > (reporting, fixing, communicating), and when LibreOffice started, we
> > unbureaucratically continued to work with the same set of people that has
> > been proven trustworthy already. Everyone agreed that security is one of the
> > areas where cooperation is possible without any politics involved.
> >
> 
> We shouldn't confuse lack of process for lack of politics, or presence
> of process for presence of politics.  Apache has more process here
> because it has, through experience and pain (somewhat the same thing),
> and by managing many open source projects over many years, evolved a
> set of procedures for how security is handled.  As one of the leading
> open source foundation it is important that we have a unified way of
> handling these things.  Equating process with bureaucracy is a naive
> view.  Organizations that are serious about security, whether open
> source or commercial, have defined procedures for handling security
> incidents.  Users expect no less.
> 
> > I don't know the exact recipient list of the current OOo security list, but
> > my proposal would simply have been to continue working with those people. I
> > simply see no reason for changing that (and the notion of "We do things
> > different here" is no valid argument at all to me).
> >
> > But maybe that's just my idea. Well, anyways, back to important stuff.
> >
> > Florian
> >
> > --
> > Florian Effenberger <floeff@documentfoundation.org>
> > Steering Committee and Founding Member of The Document Foundation
> > Tel: +49 8341 99660880 | Mobile: +49 151 14424108
> > Skype: floeff | Twitter/Identi.ca: @floeff
> >

Mime
View raw message