incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TJ Frazier <tjfraz...@cfl.rr.com>
Subject Re: Vulnerability fixed in LibreOffice
Date Mon, 10 Oct 2011 16:51:13 GMT
Hi, Malte,

On 10/10/2011 12:33, Malte Timmermann wrote:
> What's this thread about - "OOo/AOOo/TDF private security lists war
> reloaded"? ;)
>
> To sum up:
>
> - Apache mentors/PPMCs made clear that only AOOo committers can be on
> the AOOo Security list (ooo-security@incubator.apache.org).
> Regardless of whether or not this rule makes sense in this special case
> (AOOo = base for many OOo products), we have to adhere for that rule now.
>
> - As a result, TDF decided to have the same rule for their security list
> (tdf-security@lists.documentfoundation.org), and silently kicked me from
> that list (which of course is their right to do, but some notice would
> have been nice)
>
> - Which leaves us with 1 common list where we don't have such
> restrictive rules, and can continue with our cooperation: The
> old/original OOo security list securityteam@openoffice.org.
>
> Some people stated that the fate of old OOo lists is unknown - agreed.
> But as long as they last, it's the best option to continue using that
> security list. Members from all interested/helping parties are already
> on that list (well, some RedOffice security guy should join), and the
> list name is well known to security researchers and OOo users.
>
> Malte.

Assuming that you are the "mt" listed as an administrator on the OO.o 
security project, that should make you an owner of the securityteam ML. 
I suggest that you provide subscriptions there for Dennis and Wolf (Rob 
already being subscribed).

I thought I might have to volunteer to take over that ML, as I have for 
a couple of the moribund @documentation lists. I still will, if anyone 
thinks it necessary.

/tj/
TJFrazier on OO.o
Owner/moderator, dev@doc
Owner/moderator, authors@doc
>
> On 10.10.2011 17:37, Michael Meeks wrote:
>> Hi Dennis,
>>
>> On Mon, 2011-10-10 at 08:03 -0700, Dennis E. Hamilton wrote:
>>> How is it that this "reciprocal action" occurred and was made known to
>>> the Apache OOo podling ?
>>
>> Oh - it's quite simple, you ASF/OOo made your decision to not include
>> TDF guys, and we (without an endless mail thread) made the quiet
>> decision to drop Malte from our LibreOffice specific mailing list:
>> tdf-security@lists.documentfoundation.org in response; turning it into a
>> TDF-ony list. That seems reasonable presumably.
>>
>>> And how is it that it was performed on securityteam@openoffice.org ?
>>> When did that become a TDF property? Who is the "our" in whose name a
>>> reciprocal action was taken?
>>
>> Gosh :-) The securityteam@openoffice.org list stayed exactly as it has
>> always done - as a cross-vendor, cross-project, place to exchange such
>> information. No-one was removed from it, Malte is still on it, and Rob
>> was added. This is where the details were discussed, and the patches
>> posted. That list is certainly not a TDF property. The tdf-security list
>> on the other hand is.
>>
>>> If this was a race to demonstrate who is the least trustworthy in
>>> these matters, I concede that you won. Feel better now?
>>
>> Thank you for your vote of confidence. The more I hear nonsense talked
>> about what goes on on private security lists, the more I hate them. If
>> only they were not necessary.
>>
>> All the best,
>>
>> Michael.
>>
>
>



Mime
View raw message