incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <orc...@apache.org>
Subject RE: [DISCUSS] Neutral / shared security list proposal
Date Fri, 21 Oct 2011 17:29:11 GMT
Excuse me Michael, the proposal I am referring to was offered by Simon Phipps 
and I included his message.

If you don't want to accept the OUTLINE PROPOSAL or start from it as a point 
of discussion, that is fine.  Just be clear that Simon's proposal was the one 
that I was replying about and proposing be [DISCUSS]ed on ooo-dev too.

I was hoping that Simon's good offices in mediating this would be valuable. 
Is that not acceptable?

What I like about Simon's proposal is that it is the least disruptive, and it 
adds meritocracy and (private) transparency features to how securityteam@OO.o 
operates.  I assume that the current securityteam@ OO.o list would be 
grandfathered in.  Why not?

I pointed out in starting this [DISCUSS] thread that there is enough 
connection from ooo-security so that ASF can be represented well enough in 
discussion on securityteam@ OO.o to forward Simon's proposal, if there is 
agreement to do that.  I don't see where anything about myself, Rob, and 
Caolan are in the message you are responding to.

With regard to how the list software works/might-not/doesn't, can these 2d and 
3rd order issues be deferred until the big questions are handled?

 - Dennis

-----Original Message-----
From: Michael Meeks [mailto:michael.meeks@suse.com]
Sent: Friday, October 21, 2011 10:07
To: orcmid@apache.org
Cc: 'Simon Phipps'; ooo-dev@incubator.apache.org; lsecurity
Subject: Re: [DISCUSS] Neutral / shared security list proposal

Hi Dennis & list,

On Fri, 2011-10-21 at 08:11 -0700, Dennis E. Hamilton wrote:
> It is not something that can be done unilaterally here on the AOOo podling.
> Do you propose that this be discussed at securityteam@ OO.o?  It would
> seem that is where consensus is required.

	Last I checked only a few from TDF's security group are on that list;
so it doesn't seem an ideal forum either. Lets just CC our security team
as I've done.

	I am mildly amused by the convenient deployment of the argument type:
"we have always done it this way" from a project undergoing such a lot
of (in many ways positive) changes. Combine this with a world of
extraordinary possibilities such as: mail forwarding and the "mail
address is well known" bites the dust. There were many projects and
people I used to admire in the ASF, but claiming it is neutral in
today's world is not sensible.

	I would like to see, and think it is reasonable to ask for:

	1. a neutral domain / list name
	2. a comprehensive set of moderators / admins cf. previous
	3. neutral hosting

	It seems vs. the present that the ASF guys are suggesting to compromise
on only one of these points (2.) ie. having two Apache supporters (Rob +
Dennis) as moderators, and one TDF guy (me or Caolan): is that right ?

	At a big stretch, assuming there is no heavy-governance-petting
anywhere near it, I could cope with not having 3. ie. Apache hosting it
- after all, that is rather invisible [ but I personally loathe reply-to
mangling - I don't believe we would want that pushed onto us ].

	So - where do we go from there ? it looks to me like no compromise is
possible (for some definitions of compromise). We could create two
'neutral' mailing lists one at each side, with cross subscriptions to
our own security lists - but it all seems a bit pointless.

	Regards,

		Michael.

-- 
michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot

Mime
View raw message