incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Vulnerability fixed in LibreOffice
Date Mon, 10 Oct 2011 15:03:21 GMT
The discussion on how ooo-security would (or would not) work, and how cooperation with other
security teams would (or would not work) was quite public and visible on ooo-dev.

How is it that this "reciprocal action" occurred and was made known to the Apache OOo podling?
 And how is it that it was performed on securityteam@openoffice.org ? When did that become
a TDF property?  Who is the "our" in whose name a reciprocal action was taken?  

If this was a race to demonstrate who is the least trustworthy in these matters, I concede
that you won.  Feel better now?

Now, how is d├ętente to be achieved?

 - Dennis

-----Original Message-----
From: Michael Meeks [mailto:michael.meeks@suse.com] 
Sent: Monday, October 10, 2011 03:11
To: ooo-dev@incubator.apache.org
Subject: Re: Vulnerability fixed in LibreOffice

[ ... ]

	I would instead seriously suggest that the Apache OOo decision to
exclude non-committers from the security list (undoing years of trust
and co-operation here) plus our reciprocal action is the ultimate root
cause of this communication problem. Fixing that by re-visiting that
decision seems like the cheapest approach. Having dozens of contact
points for umpteen different lists seems like a sure-fire recipe for
disaster.

[ ... ]


Mime
View raw message