incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shane Curcuru <...@shanecurcuru.org>
Subject Re: Vulnerability fixed in LibreOffice
Date Tue, 11 Oct 2011 01:00:27 GMT
(cutting and snipping liberally to get to the worthwhile stuff)

On 10/10/2011 7:34 PM, Ross Gardler wrote:
> On 10 October 2011 21:41, Michael Meeks<michael.meeks@suse.com>  wrote:

...snip...

> b) Because other communities exist based on a common code base it
> makes sense to attempt to build an appropriate mechanism to
> collaborate on security issues that affect both projects
>
> I will observe that, to my knowledge, no other ASF project is faced
> with situation b).

...snip...

> I will also observe that a proposal to address both a and b has been
> put forward, and repeated numerous times, in this thread. I've even
> seen it agreed upon, at least in principle, by most parties in this
> discussion.

So, dear PPMC and dear whoever currently knows where the mail routing 
info for securityteam@openoffice.org is, please get together and fix 
that address - for the near future at least - to be something that 
works.  Submitting an INFRA ticket will start the ball rolling on the 
ASF side to host it.

Simply subscribe ooo-security@ to that list, and then using whatever 
existing security sharing handshakes we use to approve other subscribers 
is would be sufficient.  Obviously, the TDF private security@ list 
itself would be welcome to subscribe to securityteam@ as well.

Done.  We can then have conversations either privately separately or 
privately together as needed.


> [the next three sentences are a general observation and not in direct
> response to Michael]
>
> Unfortunately the bickering about "who started it" is getting in the
> way of moving towards a solution.
>
> As a mentor I find it a great shame as this opportunity for healthy
> collaboration between LO and AOOo might be missed because we want to
> disect this incident rather than look at the bigger picture of how we
> might work together on future incidents.
>
> Ross

Oh, no, this is great!  I'm just wondering how much I can charge per 
ticket for people to watch the next few rounds of this comedy fest. 
It's high internet humor here with the he said, she said.

(And yes, that last para is full of massive frowning sarcasm.)

- Shane

Mime
View raw message