incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Population of ooo-security
Date Fri, 29 Jul 2011 16:58:17 GMT

On Jul 29, 2011, at 9:26 AM, Norbert Thiebaud wrote:

> On Fri, Jul 29, 2011 at 10:48 AM, Rob Weir <apache@robweir.com> wrote:
>> On Fri, Jul 29, 2011 at 10:58 AM, Florian Effenberger
>> <floeff@documentfoundation.org> wrote:
>>> Hi,
>>> 
>>> Rob Weir wrote on 2011-07-29 16:49:
>>>> 
>>>> What did you think of Simon's idea of having a discussion list,
>>>> perhaps outside of Apache, where interested parties could discuss
>>>> issues related to the security of OOo and related code bases?
>>>> Something like that could be useful, even if it is not part of the
>>>> official incident response process of Apache or LibreOffice.
>>> 
>>> I was not talking about chatting on security topics, I was talking about
>>> effectively cooperating on security issues, like we did in the past, in a
>>> trusted, well-proven group.
>>> 
>>> However, people made it clear that this is not of interest, so I simply shut
>>> up here.
>>> 
>> 
>> The offer remains open:  If any LibreOffice security expert joins this
>> list, states that they have relevant expertise and that expresses a
>> commitment to work on Apache OpenOffice security, and are willing to
>> sign and return the Apache iCLA, then I will gladly nominate them as a
>> committer and recommend that they be added to the ooo-security list.
> 
> Sarcasm does not "travel well", maybe you should add <sarcasm>
> </sarcasm> to the above paragraph ?

I think that Rob is being serious here, he's mentioned this twice. There are rules, but there
are ways to deal with those rules.

I fail to see any sarcasm in this honest offer and I second the offer including PPMC membership.
If a known OOo security expert wishes to join our podling we should make all necessary efforts
to include them.

The PPMC would have to discuss and vote about any individual nominated on ooo-private and
that might take a week, but that's an administrative matter. Why a week? There is a 72 hour
or so discussion period followed by a 72 hour or so voting period.

Regards,
Dave


Mime
View raw message