Not to make too fine a point of it, but security@apache.org (another private list) is automatically
included on everything that happens on ooo-security@incubator.apache.org. It is not like
there is any absence of oversight.
Also, as a member of the ooo-security list, it never occurred to me that security@tdf and,
if different, securityteam@OO.o, would not be informed of anything that came to ooo-security
that represented a (potential) common vulnerability. I can't imagine that not being done.
I can't imagine it even being a question.
- Dennis
-----Original Message-----
From: Rob Weir [mailto:robweir@apache.org]
Sent: Monday, October 10, 2011 15:58
To: ooo-dev@incubator.apache.org
Subject: Re: Vulnerability fixed in LibreOffice
[ ... ]
I think it would be good if the PPMC wanted to express to the
ooo-security members that they want us to make security collaboration
with TDF/LO a priority and to make every effort to share all
appropriate information with TDF/LO. I'd support that. This could be
solemnized by having a few Apache members, maybe mentors, affirm that
they will make an effort to monitor that ooo-security list and to
escalate to the AOOo PPMC if there is any backsliding on this.
-Rob