incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Meeks <>
Subject Re: [DISCUSS] Neutral / shared security list proposal
Date Fri, 21 Oct 2011 17:06:37 GMT
Hi Dennis & list,

On Fri, 2011-10-21 at 08:11 -0700, Dennis E. Hamilton wrote:
> It is not something that can be done unilaterally here on the AOOo podling.
> Do you propose that this be discussed at securityteam@ OO.o?  It would
> seem that is where consensus is required.

	Last I checked only a few from TDF's security group are on that list;
so it doesn't seem an ideal forum either. Lets just CC our security team
as I've done.

	I am mildly amused by the convenient deployment of the argument type:
"we have always done it this way" from a project undergoing such a lot
of (in many ways positive) changes. Combine this with a world of
extraordinary possibilities such as: mail forwarding and the "mail
address is well known" bites the dust. There were many projects and
people I used to admire in the ASF, but claiming it is neutral in
today's world is not sensible.

	I would like to see, and think it is reasonable to ask for:

	1. a neutral domain / list name
	2. a comprehensive set of moderators / admins cf. previous
	3. neutral hosting

	It seems vs. the present that the ASF guys are suggesting to compromise
on only one of these points (2.) ie. having two Apache supporters (Rob +
Dennis) as moderators, and one TDF guy (me or Caolan): is that right ?

	At a big stretch, assuming there is no heavy-governance-petting
anywhere near it, I could cope with not having 3. ie. Apache hosting it
- after all, that is rather invisible [ but I personally loathe reply-to
mangling - I don't believe we would want that pushed onto us ].

	So - where do we go from there ? it looks to me like no compromise is
possible (for some definitions of compromise). We could create two
'neutral' mailing lists one at each side, with cross subscriptions to
our own security lists - but it all seems a bit pointless.



--  <><, Pseudo Engineer, itinerant idiot

View raw message