incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jürgen Schmidt <jogischm...@googlemail.com>
Subject Re: Vulnerability fixed in LibreOffice
Date Thu, 06 Oct 2011 15:50:29 GMT
On Thu, Oct 6, 2011 at 5:25 PM, Dave Fisher <dave2wave@comcast.net> wrote:

> Hi -
>
> I blame Oracle, it is nearly 4 months and NO domain transfer.
>

it doesn't help anybody ;-)


>
> On Oct 6, 2011, at 8:05 AM, Thorsten Behrens wrote:
>
> > Jim Jagielski wrote:
> >> I agree it needs to be addressed. What is ironic is that this
> >> discussion did NOT result in a breakdown of B at all, but
> >> rather a breakdown in another entity also not having a policy
> >> in place in sharing info with other community members.
> >>
> > Hi Jim,
> >
> > since this is ambiguous and leaves the possibility you refer to TDF
> > - the information *was* shared.
>
> Shared with who?
>
> > I may remind you that, at the point
> > of responsible disclosure to securityteam@ooo, the
> > ooo-security@apache list was still in the process of being
> > setup/populated, and there was an ongoing policy discussion here.
>
> When that discussion was settled it seems someone on the TDF side should
> have taken some initiative to inform AOOo at our list. To not have that
> happen was not in any spirit of cooperation.


please stop this, let us try to improve it in the future. I think we want
work together where possible and not against.


>
> >
> > Really, it seems the breakdown was on this side...
>
> Not really, that is NOT AOOo's list. It is even now Oracle's abandoned ML.
>
> On Oct 6, 2011, at 7:38 AM, Florian Effenberger wrote:
>
> > Hi,
> >
> > Jürgen Schmidt wrote on 2011-10-06 14:40:
> >> My idea is to simply use the existing
> >> securityteam@openoffice.org  <knownsecurityteam@openoffice.org>  list
> for
> >> collaborative work on this topic. LibreOffice has also a separate
> security
> >> list, right. So i don't see your point here.
> >
> > I proposed that, Rob Weir refused to continue with the existing contacts,
> telling things at Apache were different.
>
> So, you guys decided to ignore the fact that we had established an
> ooo-security@a.i.o because it wasn't what you wanted to have happen?
>
> Yet at the same time AOOo has absolutely NO control or access to the
> securityteam@openoffice.org ML?
>

again let us focus on the future.

I think we have now a common picture in mind and should focus on a working
collaboration and shared information flow on security issues via the
securityteam@openoffice.org ML.

Juergen


>
> >
> > Ping me when you folks have sorted out your issues.
>
> The real issue is that the openoffice.org MLs have not been reliable, no
> one is watching at Oracle and someone here has to contact Andrew Rist about
> every problem and then he has to track it down.
>
> It would be absolutely great if the ASF got proper control of the
> openoffice.org domain. Once we have that then it is possible to handle the
> ML at openoffice.org, and securityteam@openoffice.org might work. We at
> AOOo don't even know who is subscribed to that list. It has NEVER been
> disclosed.
> .
> I don't know why Oracle has failed on their side with the domain transfer
> of openoffice.org.
>
> Regards,
> Dave
>
>
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message