incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Norbert Thiebaud <nthieb...@gmail.com>
Subject Re: Population of ooo-security
Date Fri, 29 Jul 2011 20:06:36 GMT
On Fri, Jul 29, 2011 at 2:04 PM, Dave Fisher <dave2wave@comcast.net> wrote:
>
>
> Let's stop misinterpreting and offending each other and find a way to co-operate.
>
> Several possibilities have been discussed.
>
> (1) A private list of experts that will be contacted as needed by ooo-security. Maybe
this should be public, self-identified and on the commiunity wiki?
>
> (2) A list of interested, interrelated projects that want to be informed of upcoming
fixes, etc, slightly in advance. Registered on the community wiki?
>
> (3) Remembering that anyone who actually has an issue can report it to ooo-security and
ooo-security would likely include that individual in their discussion and remediation. Other
APache projects actually show who reported, when it was privately and when it was publicly
disclosed.
>
> (4) An offer to anyone who is an OOo security expert including LO/TDF people to join
the podling as a committer and member of the PPMC - requires an ICLA (which is not a baptism
nor is it circumcision) and the vote of the PPMC.
>
> Do you have something constructive to add here?

yes:  to quote Malte Timmermann:

(0) "From the people on the current OOo security team, there are
(iirc) only 2 people beside myself who regularly worked on fixes for
security issues: Caolan McNamara and Rene Engelhard. I would like to
add them to ooo-security. They are also in the LibO security team, so
adding them should give enough LibO coverage."

Norbert

Mime
View raw message