incubator-ooo-dev mailing list archives

From Malte Timmermann <malte_timmerm...@gmx.com>
Subject Re: Population of ooo-security
Date Fri, 29 Jul 2011 12:56:48 GMT

Hi Florian,

I really disagree with adding all the members from OOo and LibO to the AOOo
security list.

When some representatives from other projects are there, it's up to them 
to decide whether or not some issue also affects the other project, and 
then bring that information to that security team/list.

So it's up to each project's security team to decide whom to add to 
their team/list. Having a big bulk of people on the AOOo security list 
would make it difficult to keep an overview of who is there and why he
is there.

This was the same with OOo/LibO: You didn't add all people from OOo 
security team to the LibO security list. Just me, and that actually was 
enough IMHO.

Honestly, I don't see a reason to have LibO PR/Marketing people on an 
AOOo security list, _except_ they plan to work on security bulletins or 
PR stuff also for AOOo.

For example: I really like and trust you, but after the LibO fork, I 
would only have added LibO people to the OOo security list who work on 
security analyses and common patches. I wouldn't have seen any reason to
add you, knowing that you only do LibO PR, but no OOo PR anymore.
You would have been informed via the LibO security list if needed.

(Sorry to pick your name, but I guess that's a good example to make my 
point clear).

Best regards,
Malte.

On 28.07.2011 23:41, Florian Effenberger wrote:
> Hello,
>
> Dennis E. Hamilton wrote on 2011-07-28 22:04:
>> I support Malte's recommendation to add two individuals that are
>> currently in-common with respect to OpenOffice.org (traditional) and
>> LibreOffice.
>
> I must confess I find it really strange that policies seem to be changed
> here.
>
> We had a good team at OpenOffice.org working on various security aspects
> (reporting, fixing, communicating), and when LibreOffice started, we
> unbureaucratically continued to work with the same set of people that
> has been proven trustworthy already. Everyone agreed that security is
> one of the areas where cooperation is possible without any politics
> involved.
>
> I don't know the exact recipient list of the current OOo security list,
> but my proposal would simply have been to continue working with those
> people. I simply see no reason for changing that (and the notion of "We
> do things different here" is no valid argument at all to me).
>
> But maybe that's just my idea. Well, anyways, back to important stuff.
>
> Florian
>
