incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Simon Phipps <si...@webmink.com>
Subject Re: Vulnerability fixed in LibreOffice
Date Mon, 10 Oct 2011 15:10:11 GMT

On 10 Oct 2011, at 15:55, J├╝rgen Schmidt wrote:

> On Mon, Oct 10, 2011 at 3:51 PM, Simon Phipps <simon@webmink.com> wrote:
>> 
>> Back to the actual issue:
>> 
>> * for (A), AOOo clearly needs a private security list. We all agree.
>> * for (B), the legacy StarOffice ecosystem clearly needs a shared private
>> security list. Seems we all agree on that too.
>> 
>> The former apparently exists. All that's left is to actually agree to a
>> technical arrangement that works for the latter. There are two proposals on
>> the table. Given the tendency of some to confuse community collaboration
>> with Apache project work, I actually think the idea of a list at
>> freedesktop.org for (B) makes most sense.
>> 
> 
> let us check first if we can still use the already established list
> securityteam@openoffice.org <knownsecurityteam@openoffice.org> before
> seeking for a new name. It's at least not clear for me if we can use it or
> not, i will try to clarify this.
> 
> freedesktop.org is very Linux centric, isn't it? 

Yes, it's a Linux desktop programmer hangout. However, it has the political benefit of being
neither Apache nor TDF managed. 

If that wasn't an issue, I have checked with TDF and they would be happy to host security-collab@documentfoundation.org
if we wanted :-)

> Does it make sense to check first the possibility of using the existing
> name?

Absolutely, yes, although I think if we can't get it sorted in the next week or so we should
opt for a new venue. 

As well as the basic practical detail of availability we also need to make sure the list can
be managed by and for its participants and is not exclusive to Apache as was proposed in some
earlier messages.

> 
> Juergen
> 
> 
>> 
>> How about StarSec-Collab@lists.freedesktop.org (named so that there's
>> clearly no single project "owning" it).
>> 
>> S.


Mime
View raw message