incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Donald Harbison <dpharbi...@gmail.com>
Subject Re: PMC report for October 2011
Date Wed, 12 Oct 2011 17:44:56 GMT
On Wed, Oct 12, 2011 at 1:28 PM, Dave Fisher <dave2wave@comcast.net> wrote:

>
> On Oct 12, 2011, at 10:18 AM, Rob Weir wrote:
>
> > On Wed, Oct 12, 2011 at 1:09 PM, Dave Fisher <dave2wave@comcast.net>
> wrote:
> >> Rob,
> >>
> >> On Oct 12, 2011, at 9:34 AM, Rob Weir wrote:
> >>
> >>> On Wed, Oct 12, 2011 at 11:48 AM, Dave Fisher <dave2wave@comcast.net>
> wrote:
> >>>
> >>> <snip>
> >>>
> >>>> I think that "we" as the AOOo PPMC will need to find one or more PPMC
> members to fulfill certain external roles.
> >>
> >>
> >> I am emphasizing EXTERNALLY facing roles. These people would generally
> be people with the talent of handling sensitive issues in a delicate and
> appropriate manner on the list when they arise seemingly out of place.
> Knowing that there are volunteers available will help the rest of us focus
> on code or migration.
> >>
> >>
> >>>>
> >>>> Perhaps these roles are:
> >>>>
> >>>> (1) Public face of Security for AOOo.
> >>>>
> >>>
> >>> Work on handling security reports occurs on a private list,
> >>> ooo-security.  It is not visible publicly, or even to the PPMC in
> >>> general.  Where there needs to be a public communication, for example,
> >>> to report a vulnerability, it comes from members of ooo-security.
> >>> This is all per the recommended process from Apache Security [1].  The
> >>> PPMC is welcome to debate and adopt contract guidelines, but I would
> >>> not recommend it.
> >>>
> >>> The members of the ooo-security list are stated on our FAQ page [2]
> >>>
> >>> So I think that part is already covered.
> >>
> >> Given what just happened with LO, we made improvements. But I think that
> some member of ooo-security needs to be watching for security related
> questions as they appear on ooo-dev and ooo-users. You and Dennis are very
> vocal across the whole spectrum of AOOo issues. I think that there needs to
> be someone we all know is on top of security and can publicly contact.
> >>
> >> The rest of us. Me, you, or whoever should refrain from answering such
> questions (or answer with deferment and deference). This public facing
> person could generally speak for the group.
> >>
> >>>> (2) Liaison with the TDF.
> >>>>
> >>>
> >>> Ideally, someone who is already both a PPMC member and a TDF member.
> >>> We have several.  "Half liaisons" (someone who is a member of one
> >>> organization but not the other) don't work quite as well.
> >>
> >> Half or full is not really the issue. Diplomatic and measured response
> that can both speak for the group and know when to defer back to the podling
> is important. To me a non-TDF member might be better.
> >>
> >>>> (3) Press Liaison.
> >>>>
> >>>
> >>> As a podling we're a bit limited here, per Podling guidelines [3], but
> >>> there is certainly some scope for doing good work here, if someone
> >>> wants to volunteer.
> >>
> >> Someone should be looking out at the real world and letting us know
> what's being said about AOOo and then striving to correct the record. This
> needs to be someone on the PPMC. The person is this role would work with
> press@a.o. They would establish relationships, etc.
> >>
> >
> > I don't think it works that way.  I wish it did, but it doesn't.
> >
> > What we've seen is this:
> >
> > 1) Reporters are either monitoring this list, or more likely being
> > tipped off by someone, pointing them to threads where there is juicy
> > stuff.
> >
> > 2) The write an article, quoting participants on this list. They are
> > not picky.  They'll quote members and non-members alike, me, Dennis,
> > Simony, whoever.
> >
> > 3) They then publish their article.  They never post a note to the
> > list, send a note to Press@, ask who our press liaison is.  They are
> > getting 50 bucks to write an article in 45 minutes, and that is what
> > they do.
> >
> > That is how it works.  If we want to change that, having a designated
> > person is not enough, unless that person actually does the preemptive
> > outreach.  If we wait for negative stories to be published we're too
> > late.
>
> Well it looks like a tough job. You do bring up one main benefit of a press
> liaison "preemptive outreach."
>
> We need someone explicitly building the relationships, becoming someone
> that the press will know to ask when they want clarification before they
> publish something negative or just plain wrong.
>
> I will volunteer to tackle this in concert with press@a.o, and Sally
Khudairi, VP Publicity, ASF.
Now where is that teflon suit?
/don

> Regards,
> Dave
>
> >
> >
> >>>
> >>>> (4) Brand Manager / Cat Herder.
> >>>>
> >>>
> >>> You see those as the same thing?  We've had a couple requests for
> >>> permission to use the OOo trademark and logo.  We handled those
> >>> requests well, I thought.  I don't think there is a volume of such
> >>> requests that would suggest we need a person dedicated to that.
> >>
> >> This is more about herding of wiki, BZ, blogs, fora, and websites to
> have proper branding. Looking out for the OOo and AOOo brand in the wild. It
> is cat herding because each of these exist in both the legacy OOo site and
> in various stages of migration.
> >>
> >>
> >>>
> >>>
> >>>> With people in these roles who are active then perhaps the rest of us
> can defer immediate responses to questions in these areas when they occur on
> ooo-dev. With slight formality we might be able to stop the periodic and
> damaging flames of misunderstanding.
> >>>>
> >>>
> >>> Other areas where we could use some volunteer leadership:
> >>>
> >>> 5) wiki master
> >>>
> >>> 6) bugzilla master
> >>>
> >>> 7) web master
> >>
> >> These are more obvious roles that are as much internal to the project as
> external. Never-the-less these are roles.
> >>
> >> (8) User Forum sys admins - supplementing the current proposal with
> individuals like perhaps Drew.
> >>
> >> On Oct 12, 2011, at 9:50 AM, Donald Whytock wrote:
> >>
> >>> On Wed, Oct 12, 2011 at 12:34 PM, Rob Weir <robweir@apache.org> wrote:
> >>>> Other areas where we could use some volunteer leadership:
> >>>>
> >>> < snip >
> >>
> >>
> >>> IP master?  Coordinating the re-licensing process, looking at external
> >>> packages linked to, and being the go-to for future contributions?
> >>
> >> Sure -
> >>
> >> (9) Legal Maven. Clearing Terms of Use with Apache legal, checking
> NOTICE and LICENSE, requesting authors relicense source, etc.
> >>
> >> Regards,
> >> Dave
> >>
> >>>
> >>> Don
> >>
> >>
> >>>
> >>>
> >>> [1] http://www.apache.org/security/committers.html
> >>> [2] http://incubator.apache.org/openofficeorg/ppmc-faqs.html
> >>> [3] http://incubator.apache.org/guides/branding.html
> >>
> >>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message