incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Vulnerability fixed in LibreOffice
Date Thu, 06 Oct 2011 15:25:20 GMT
Hi - 

I blame Oracle, it is nearly 4 months and NO domain transfer.

On Oct 6, 2011, at 8:05 AM, Thorsten Behrens wrote:

> Jim Jagielski wrote:
>> I agree it needs to be addressed. What is ironic is that this
>> discussion did NOT result in a breakdown of B at all, but
>> rather a breakdown in another entity also not having a policy
>> in place in sharing info with other community members.
>> 
> Hi Jim,
> 
> since this is ambiguous and leaves the possibility you refer to TDF
> - the information *was* shared.

Shared with who?

> I may remind you that, at the point
> of responsible disclosure to securityteam@ooo, the
> ooo-security@apache list was still in the process of being
> setup/populated, and there was an ongoing policy discussion here.

When that discussion was settled it seems someone on the TDF side should have taken some initiative
to inform AOOo at our list. To not have that happen was not in any spirit of cooperation.

> 
> Really, it seems the breakdown was on this side...

Not really, that is NOT AOOo's list. It is even now Oracle's abandoned ML.

On Oct 6, 2011, at 7:38 AM, Florian Effenberger wrote:

> Hi,
> 
> J├╝rgen Schmidt wrote on 2011-10-06 14:40:
>> My idea is to simply use the existing
>> securityteam@openoffice.org  <knownsecurityteam@openoffice.org>  list for
>> collaborative work on this topic. LibreOffice has also a separate security
>> list, right. So i don't see your point here.
> 
> I proposed that, Rob Weir refused to continue with the existing contacts, telling things
at Apache were different.

So, you guys decided to ignore the fact that we had established an ooo-security@a.i.o because
it wasn't what you wanted to have happen?

Yet at the same time AOOo has absolutely NO control or access to the securityteam@openoffice.org
ML?

> 
> Ping me when you folks have sorted out your issues.

The real issue is that the openoffice.org MLs have not been reliable, no one is watching at
Oracle and someone here has to contact Andrew Rist about every problem and then he has to
track it down.

It would be absolutely great if the ASF got proper control of the openoffice.org domain. Once
we have that then it is possible to handle the ML at openoffice.org, and securityteam@openoffice.org
might work. We at AOOo don't even know who is subscribed to that list. It has NEVER been disclosed.
.
I don't know why Oracle has failed on their side with the domain transfer of openoffice.org.

Regards,
Dave


> 

Mime
View raw message