incubator-ooo-dev mailing list archives

From Danese Cooper
Subject Re: Population of ooo-security
Date Fri, 29 Jul 2011 16:54:34 GMT
Okay, this isn't going well.

With my Mentor hat on, allow me to explain that part of the Apache Way is a
practice of establishing who is responsible (to the ASF) to see that a given
project is well-executed.  We feel very strongly about that responsibility,
and in this case we've been given a codebase and certain other assets and
we're undertaking to treat them with the same care we have with every other
project we've incubated.  Only people recognized as committers can "own" the
problem of security for this codebase.  It is this way to protect both the
ASF and the codebase.

I realize better than many that this was handled another way in the past.
 The advantage of Apache as a home for is the size and
robustness of the ASF, but that comes with the price of some necessary
consistency in how we deal with all of our projects.  Rather than arguing
back and forth will only result in hurt feelings.  Nobody is trying to
persecute anybody here, nor are we trying to be non-inclusive...we're just
trying to set up the structures that are working well (both legally and from
a community perspective) on our top level that
has a chance of graduating to join them.

So everybody please calm down.

I'd propose that we (as a project) decide how best to work with LibreOffice
to identify people who would like to serve as liaisons for security. If
indeed nobody wants to sign an iCLA, then we'll gladly subscribe LO to
receive downstream notifications rather than early disclosure of any issues
that arise.  That is suboptimal, but until more diplomacy and trust work is
done it may be the best we can do.


> Sarcasm does not "travel well", maybe you should add <sarcasm>
> </sarcasm> to the above paragraph ?
> Norbert
