incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Vulnerability fixed in LibreOffice
Date Mon, 10 Oct 2011 16:13:27 GMT
Thanks for clarifying that the reciprocation was on the security @tdf list,
and not securityteam@ OO.o.

It was not easy to discern that from your preceding statements or any others 
on this thread.

I certainly agree that the security @tdf can be as exclusive as it chooses.

Now I think it remains to see how some functioning securityteam@OO.o can be
constituted, at that list or elsewhere.

Also, thank you for asserting that securityteam@OO.o is "a cross-vendor, 
cross-project, place to exchange such
information."  I don't recall seeing that statement made so clearly, and it is 
valuable to know that is the mission.  I'm afraid that got lost in the 
to-and-fro here on ooo-dev.

 - Dennis

PS: I don't think there was any AOOo decision to exclude "TDF guys."  There
was a roadblock to entry that applied to anyone not an Apache committer.  I 
find it odd that Malte, an innocent and honorable contributor, became the 
sacrificial proxy of the Apache OOo podling, but it is not, of course, any of 
my business.

-----Original Message-----
From: Michael Meeks [mailto:michael.meeks@suse.com]
Sent: Monday, October 10, 2011 08:37
To: dennis.hamilton@acm.org
Cc: ooo-dev@incubator.apache.org
Subject: RE: Vulnerability fixed in LibreOffice

Hi Dennis,

On Mon, 2011-10-10 at 08:03 -0700, Dennis E. Hamilton wrote:
> How is it that this "reciprocal action" occurred and was made known to
> the Apache OOo podling ?

	Oh - it's quite simple, you ASF/OOo made your decision to not include
TDF guys, and we (without an endless mail thread) made the quiet
decision to drop Malte from our LibreOffice specific mailing list:
tdf-security@lists.documentfoundation.org in response; turning it into a
TDF-ony list. That seems reasonable presumably.

> And how is it that it was performed on securityteam@openoffice.org ?
> When did that become a TDF property?  Who is the "our" in whose name a
> reciprocal action was taken?

	Gosh :-) The securityteam@openoffice.org list stayed exactly as it has
always done - as a cross-vendor, cross-project, place to exchange such
information. No-one was removed from it, Malte is still on it, and Rob
was added. This is where the details were discussed, and the patches
posted. That list is certainly not a TDF property. The tdf-security list
on the other hand is.

> If this was a race to demonstrate who is the least trustworthy in
> these matters, I concede that you won.  Feel better now?

	Thank you for your vote of confidence. The more I hear nonsense talked
about what goes on on private security lists, the more I hate them. If
only they were not necessary.

	All the best,

		Michael.

-- 
michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot

Mime
View raw message