incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pavel Janík <Pa...@Janik.cz>
Subject Re: Population of ooo-security
Date Fri, 29 Jul 2011 06:13:42 GMT
Hi Andre,

On Jul 29, 2011, at 7:50 AM, André Schnabel wrote:

>> I must confess I find it really strange that policies seem to be changed here.
>> 
>> We had a good team at OpenOffice.org 
> 
> Well .. this is not OpenOffice.org, this is Apache.  ;)


first, I thought this is ironic note, but then I have to agree. And I have to say that I have
changed my mind in this. I'll explain:

Security was not the primary goal back in OOo project. After security team was established,
it gets the attention it requires. Even at these days, Sun security team was consulted many
times. When Oracle bought Sun, the same happen with Oracle security team. And when I think
about this in general, this is my proposal:

Apache has its general security related list - security@apache.org.

Apache OpenOffice.org project should have its own list as well - AOOo SEC or how it will be
named... Only people from Apache security team and AOOo project should be there.

OpenOffice.org, LibreOffice and other downstreams should continue to discuss their relevant
security issues somewhere, because this was the thing that worked perfectly in the past. But
this place can't be AOOo security mailing list. I'd be happy if this (CLOSED!) discussion
place about not yet disclosed vulnerabilities can be hosted at Apache.

If Apache project can't host such discussion place, then yes, this could be only because of
BO ;-)
-- 
Pavel Janík




Mime
View raw message