incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <>
Subject RE: Neutral / shared security list ...
Date Tue, 25 Oct 2011 23:11:58 GMT
Andrew, I think part of the confusion is from the discussion leading up to the creation of
ooo-security and some related discussion about why securityteam@ was not enough at that time.

Without getting into the he-said,she-said part of it, that seems to be the origin.  There
was more when the TDF announcement about a CVE came up and securityteam@ was discussed in
that context.

In the face of that, I think it is essential that there be a trustworthy statement to the
effect that none of the things that have not happened will also not happen when ASF has custody.

Absent that, this situation continues.  Perhaps even despite that.  But such an ASF-backed
[PPMC] declaration would accomplish a great deal, it seems to me.

 - Dennis 

-----Original Message-----
From: Andrew Rist [] 
Sent: Tuesday, October 25, 2011 15:59
Subject: Re: Neutral / shared security list ...

I will drop off this thread after this post, as it seems that things are 
working toward a solution.
I would suggest though that it is rather frustrating to see all of this 
ink and blood spilt over what seems to be a misunderstanding.
--continued inline --

On 10/25/2011 3:40 PM, Florian Effenberger wrote:
> Hi,
> Andrew Rist wrote on 2011-10-26 00:34:
>> I do not understand why this is easier than continuing on the existing
>> list.
> when I asked that last time, I heard various replies:
> - You need to be an iCLA signer to be on that list.
You don't - you never have.  This list has been in existence for several 
years, and this has not changed.
> - You need to be an Apache contributor to be on that list.
You don't - you never have.  This list has been in existence for several 
years, and this has not changed.
> - We have no administrative access to that list.
This had not been an issue to date - it seems that this is solvable, and 
a way to create trust between the communities.

I'll add another issue that has been thrown out
   - people getting thrown off the list or excluded
This also has not happened.

it is a bit frustrating to listen to this conversation and the search 
for a cure to a problem that may not have actually ever existed.

> In the meantime, a bunch of other proposals have come in.
> Looking at the history of this issue (Michael outlined it very well), 
> I think a neutral, trusted ground is the best way to cooperate in this 
> matter.
> And again, I think everyone benefits the same from my proposal, with 
> no one overly preferred, and nobody losing anything. It demands the 
> same from everyone.
> Florian


Andrew Rist | Interoperability Architect
OracleCorporate Architecture Group
Redwood Shores, CA | 650.506.9847

View raw message