incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Malte Timmermann <malte_timmerm...@gmx.com>
Subject Re: Vulnerability fixed in LibreOffice
Date Mon, 10 Oct 2011 16:33:08 GMT
What's this thread about - "OOo/AOOo/TDF private security lists war 
reloaded"? ;)

To sum up:

- Apache mentors/PPMCs made clear that only AOOo committers can be on 
the AOOo Security list (ooo-security@incubator.apache.org).
Regardless of whether or not this rule makes sense in this special case 
(AOOo = base for many OOo products), we have to adhere for that rule now.

- As a result, TDF decided to have the same rule for their security list 
(tdf-security@lists.documentfoundation.org), and silently kicked me from 
that list (which of course is their right to do, but some notice would 
have been nice)

- Which leaves us with 1 common list where we don't have such 
restrictive rules, and can continue with our cooperation: The 
old/original OOo security list securityteam@openoffice.org.

Some people stated that the fate of old OOo lists is unknown - agreed. 
But as long as they last, it's the best option to continue using that 
security list. Members from all interested/helping parties are already 
on that list (well, some RedOffice security guy should join), and the 
list name is well known to security researchers and OOo users.

Malte.

On 10.10.2011 17:37, Michael Meeks wrote:
> Hi Dennis,
>
> On Mon, 2011-10-10 at 08:03 -0700, Dennis E. Hamilton wrote:
>> How is it that this "reciprocal action" occurred and was made known to
>> the Apache OOo podling ?
>
> 	Oh - it's quite simple, you ASF/OOo made your decision to not include
> TDF guys, and we (without an endless mail thread) made the quiet
> decision to drop Malte from our LibreOffice specific mailing list:
> tdf-security@lists.documentfoundation.org in response; turning it into a
> TDF-ony list. That seems reasonable presumably.
>
>> And how is it that it was performed on securityteam@openoffice.org ?
>> When did that become a TDF property?  Who is the "our" in whose name a
>> reciprocal action was taken?
>
> 	Gosh :-) The securityteam@openoffice.org list stayed exactly as it has
> always done - as a cross-vendor, cross-project, place to exchange such
> information. No-one was removed from it, Malte is still on it, and Rob
> was added. This is where the details were discussed, and the patches
> posted. That list is certainly not a TDF property. The tdf-security list
> on the other hand is.
>
>> If this was a race to demonstrate who is the least trustworthy in
>> these matters, I concede that you won.  Feel better now?
>
> 	Thank you for your vote of confidence. The more I hear nonsense talked
> about what goes on on private security lists, the more I hate them. If
> only they were not necessary.
>
> 	All the best,
>
> 		Michael.
>

Mime
View raw message