incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Shane Curcuru <...@shanecurcuru.org>
Subject Re: [proposal] Neutral / shared security list ...
Date Wed, 26 Oct 2011 13:21:59 GMT
A couple of observations:

On 10/25/2011 8:03 PM, Dave Fisher wrote:
>
> On Oct 25, 2011, at 4:43 PM, Rob Weir wrote:
>
>> On Tue, Oct 25, 2011 at 7:19 PM, Dave Fisher<dave2wave@comcast.net>
>> wrote:
>>>
>>> On Oct 25, 2011, at 4:05 PM, Rob Weir wrote:
>>>
>>>> On Tue, Oct 25, 2011 at 7:01 PM, Dennis E. Hamilton

...snip...

>> I think then we need to weight having a smashing fun party with LO
>> hackers in a private, unauditable list with no license discipline
>> versus Apache's primary mission of producing software for public
>> use under the Apache 2.0 license.
>
> Code through Community. I'm trying to find a way to keep the larger
> community together.

And I applaud honest efforts to make it simpler to share appropriately 
licensed code with other open source groups.  However for the purposes 
of what the AOOo podling does, the relevant community is the set of 
existing and likely future committers on this podling.  While there is a 
rich and wonderful history around the OpenOffice.org project and it's 
products, the relevant discussion for ooo-dev@ is how we're going to 
manage this new project called (I'm betting) Apache OpenOffice.

> You are asserting that the list will be unauditable when the ASF is
> still a possible "ISP"?

Leaving aside my confusion over which proposal is which, I will note 
that services core to any ASF project must be hosted by ASF infra.  We 
have found that even when dealing with third parties who have all the 
best intentions, allowing core services to be hosted externally often 
causes problems.  ASF projects - through ASF infra - need to be masters 
of their own services.

As a corollary, ooo-security@ must be on ASF list hardware.  And given 
that the ASF will be hosting the domain name, any future 
securityteam@oo.o email address will be hosted on ASF hardware.

While I can certainly understand (in theory) trust issues from past OOo 
participants about the new AOOo PPMC, I must admit I don't understand 
the level of distrust I seem to see from some non-committers about the 
ASF as a whole.

This podling won't be running all this hardware themselves - they'll 
only be helping the existing ASF infra team on running it.  Core 
services at the ASF are not subject to the whims of any specific 
project, rather they are maintained by the Foundation as a whole for 
*all* of our projects, in a vendor-neutral way.

> You are asserting a "smashing fun party" problem that is not visible
> to me.

I've forgotten what specific confusing points were made on this thread 
now, but I did want to add a third point: beer.  Many ASF project 
communities also have a rich history of having fun and drinking beer, 
and we shouldn't forget that!

- Shane, ending on a lighter note (but *not* a light beer, please)

Mime
View raw message