incubator-ooo-dev mailing list archives

From Michael Meeks <michael.me...@suse.com>
Subject Re: Vulnerability fixed in LibreOffice
Date Mon, 10 Oct 2011 20:41:20 GMT
Hi Rob,

On Mon, 2011-10-10 at 12:19 -0400, Rob Weir wrote:
> It does not seem reasonable to publicly excoriate AOOo for having a
> private security list restricted to members while you are
> simultaneously and without notice proceeding to enforce the same policy
> for the TDF security list.

	It is clearly my preference to have mutual openness and
cross-subscription, and this was how we set out. Your decision to stop
that tradition shut that trust down. I'm eager to re-start it, either
with a neutrally hosted shared list, or cross-membership (as before).

>   Some might even say that was disingenuous and hypocritical.

	You always represent the hyper-charitable fringe so nicely.

> I see you sharing information about subscribers on a private security
> list in attempts to score points and embarrass list participants.

	Um; out of interest - where ? I was unaware that the list of
subscribers to private security lists is itself a useful secret :-) as
for the attempt to score points and embarrass - can you expand on who is
embarrassed ? If it is your presence on and/or monitoring of the
cross-vendor list, you advertised that yourself on this list at least
once[1].

	Thus far, I've spent quite a bit of un-necessary time helping to
itemise the facts that point to the locus of inadequacy and
non-communication: mainly because in their absence it has been horribly
mis-placed. It is sad if that is embarrassing for you.

>   I see a TDF blog post that is full of misstatements and inaccuracies
> about a non-existent vulnerability, one that the original RedHat expert
> now admits is not a security issue.

	Potentially you confuse the issue that was found with the rather
broader scope of the fix that was applied for it.

>   All I'm doing is suggesting that we treat AOOo security like we do
> for every other Apache project.

	Sounds great - let's have open-ness to other projects, and
cross-fertilisation of list composition without arbitrary and
un-necessary barriers to entry then :-) I'd love that.

	It seems that you are asserting that the advice from the established
Apache security mechanism was to be as insular as possible though; is
that really the case ? are all other Apache projects security lists
closed to helpful outside membership ?

>   But you are playing games and trying to score points.

	How did it come to this.

	Regards,

		Michael.	

[1] -
http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201107.mbox/%3CCAP-ksoi0dJtLbfGoHhAQ3OVfNT4zsxsDcrCOCGYy=eHaWPMS5g@mail.gmail.com%3E
-- 
michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot

