incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Vulnerability fixed in LibreOffice
Date Tue, 11 Oct 2011 00:08:40 GMT
Not to make too fine a point of it, but security@apache.org (another private list) is automatically
included on everything that happens on ooo-security @incubator.apache.org.  It is not like
there is any absence of oversight.

Also, as a member of the ooo-security list, it never occurred to me that security @tdf and,
if different, securityteam @OO.o, would not be informed of anything that came to ooo-security
that represented a (potential) common vulnerability.  I can't imagine that not being done.
 I can't imagine it even being a question.

 - Dennis

-----Original Message-----
From: Rob Weir [mailto:robweir@apache.org] 
Sent: Monday, October 10, 2011 15:58
To: ooo-dev@incubator.apache.org
Subject: Re: Vulnerability fixed in LibreOffice

[ ... ]

I think it would be good if the PPMC wanted to express to the
ooo-security members that they want us to make security collaboration
with TDF/LO a priority and to make every effort to share all
appropriate information with TDF/LO.  I'd support that.  This could be
solemnized by having a few Apache members, maybe mentors, affirm that
they will make an effort to monitor that ooo-security list and to
escalate to the AOOo PPMC is there is any backsliding on this.

-Rob


Mime
View raw message