incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Meeks <michael.me...@suse.com>
Subject Re: Neutral / shared security list ...
Date Tue, 25 Oct 2011 16:35:17 GMT
Hi Dave,

	First - thanks for being so reasonable :-) it is rather refreshing to
talk details in a pleasant fashion.

On Tue, 2011-10-25 at 08:24 -0700, Dave Fisher wrote:
> However, this is moot (does not matter) if the address is not in
> a domain that the ASF is responsible.

	Fair enough, seems we're on the same page here then.

> > 	I would not have a process - we should just include everyone competent
> > who has a reason to be there; that is normally fairly easy to work out
> > relationally; if not the moderators can thrash it out. If it is a
> > multi-vendor, neutral list I don't envisage controversy there.
> 
> I don't either. My thought was to give individuals / peer projects time to
> appear. If they are welcomed gladly by the list after the list's
> establishment then no troubles.

	Sure - I suspect pre-populating with the previous guys, adding a few
more interested & relevant parties and so on would be fine.

> I think it would help to have a single ML and I think that is more 
> important than the address.

	Completely agreed.

>  securityteam@openoffice.org can be made to forward to that address
> if necessary.

	Sure.

> It would be good for the AOOo PPMC to see this list as well. I think
> that the actual membership should be shared in private. Would someone
> with appropriate karma on the OOo MLs please provide this.

	That'd be Rob or Malte or Martin? I suspect.

> You suggested: officesecurity@lists.freedesktop.org

	Yep, luckily it is not created just yet.

> The comment was that this was not an appropriate domain name as not
> all of the "Office Space" is Linux. So, the open question is where
> the list is hosted.

	Sure; so freedesktop is chosen only because it happens to be close to
hand, and more neutral than anything else I could think of in five
seconds, and less lame than eg. a sourceforge address. I had hoped that
there would be volunteers with more fun-sounding domains around that
could host a mailing list. IMHO it doesn't need to have ultra-rocket
powered security / mail encryption features - the problems are mostly
rather banal.

> Martin mentions hosting at Team OpenOffice, but that fails your
> neutrality test doesn't it?

	Gosh - actually, I don't know. It is really not that clear to me where
Martin & co. stands on these things, though having read his intro mail
here which seemed (to me) to suggest that TDF should give up & go
home ;-) I'd tend to agree with that neutrality concern.

	Of course, perhaps this is all overblown anyway; if the openoffice.org
domain was to become something common to, and shared by all those
distributing binaries based on the code, that might be the neutral place
we're looking for. Of course, so far its clear to me what the plans are
for the domain.

	So where does that leave us ? one approach that hasn't been discussed
(and is perhaps a good compromise) - is for me to go ahead and setup the
list @freedesktop, and for you guys to advertise the @ooo alias on your
pages, and us to advertise the freedesktop one on ours.

	That'd give a neutral venue, name, back-compat, no need to use the
freedesktop brand for AOOoI etc.

	What do you think ?

	Thanks,

		Michael

-- 
michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot


Mime
View raw message