incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: Neutral / shared security list ...
Date Tue, 25 Oct 2011 21:47:56 GMT
Florian,

There is one important concern for a community security list: not all neutral locations are
created equal, from a security point of view.  There is more required for a security list
than for an ordinary mailing list, even a supposedly private mailing list.

I don't know what practices TDF offers with regard to such a hosting.  That would be more
important to me than a neutral domain name.

I do have a sense of what ASF offers.  (And this is not about the AOOo podling or who is on
that project.)

For any other contender, the trustworthiness of the site as a location for a security list
is important.  This is different than the issues of trust that exist with regard to governance
and the participation on the security list.

It is not a trivial matter.

 - Dennis

-----Original Message-----
From: Florian Effenberger [mailto:floeff@documentfoundation.org] 
Sent: Tuesday, October 25, 2011 14:34
To: ooo-dev@incubator.apache.org
Subject: Re: Neutral / shared security list ...

Hello Ian,

Ian Lynch wrote on 2011-10-25 19:18:
> Well babies are usually made from love and tenderness (unless it's a
> mistake) and I don't see too much of that in this approach. At least to get
> started why not do it on a neutral list? Florian has made a perfectly
> reasonable case for it. Is that so much to give up just to get something
> going? In terms of baby making I'd say we need some serious marriage
> guidance before even talking about getting in bed together never mind
> wrapping anything in latex.

thank you for being reasonable and seeing what my proposal intends -- 
really, that's truly appreciated.

Seeing all those proposals coming in -- no list at all, everyone 
forwards to each other etc. -- simply makes no sense. It creates 
overhead, it makes things slow, and that just for the sake of not 
agreeing to a simple proposal, it feels.

To sum up my proposal again: If we are on neutral grounds, nobody loses 
anything, but we all can win. It is not about telling any entity is not 
trustworthy enough -- it simply is the easiest solution for a topic that 
has been cooking for weeks now.

The easiest solution -- and anyone with common sense should agree -- is 
to have a shared list on neutral grounds. Not involving ASF, AOOo, 
TeamOOo, neither TDF, LibO, FrODeV.

That is fair to anyone, does not exclude anyone, does not benefit one 
over the other -- it's easy, simple, and the best way to go. Sure, 
everyone can create own aliases pointing to that list, but the core is 
the same, and that's what matters.

If you folks now start complaining about we don't trust Apache, we can 
answer by complaining you don't trust TDF and so on. It's a horrible 
waste of time, it's lame, it does not help anyone, and it makes me doubt 
we're talking amongst adults, seriously.

And, really, all this crap being tossed around about trustworthiness, 
upstream, downstream, code similarities and insults is worth not even 
the digital paper it's written on.

I made a simple, plain, and easy proposal. Don't make things overly 
complicated, folks.

Thanks for considering,
Florian

-- 
Florian Effenberger <floeff@documentfoundation.org>
Steering Committee and Founding Member of The Document Foundation
Tel: +49 8341 99660880 | Mobile: +49 151 14424108
Skype: floeff | Twitter/Identi.ca: @floeff


Mime
View raw message