incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: [proposal] Neutral / shared security list ...
Date Tue, 25 Oct 2011 23:05:42 GMT
On Tue, Oct 25, 2011 at 7:01 PM, Dennis E. Hamilton
<dennis.hamilton@acm.org> wrote:
> Oh, and the most important part:
>
> In want way is the AOOo party to the consensus that is reached?  That ooo-security (an
agent of the PPMC, essentially) will participate in the described community arrangement if
established? Something else?
>

It would be good to also include in the proposal how IP will be
treated.  By my reading of the iCLA this would not be covered, since
it is not an Apache list.  We'd need to make some other agreement,
take it to legal-discuss, etc.

> I think that would be essential to bringing this to a successful conclusion.
>
> -----Original Message-----
> From: Dennis E. Hamilton [mailto:dennis.hamilton@acm.org]
> Sent: Tuesday, October 25, 2011 15:45
> To: 'ooo-dev@incubator.apache.org'
> Cc: 'Dave Fisher'
> Subject: RE: [proposal] Neutral / shared security list ...
>
> Dave, if you are going to do that, just relabeling a thread is not helpful.
>
> Please compose a specific concrete proposal under a [DISCUSS], and announce the duration
and end-time for a lazy consensus at the top.
>
> Give it at least 3 full 24-hour calendar days.
>
> I don't have any sense that there is alignment yet, but there may be in that time and
I am happy to be mistaken.  Then at the end, if there is a consensus, please report what
it is.
>
>  - Dennis
>
> -----Original Message-----
> From: Dave Fisher [mailto:dave2wave@comcast.net]
> Sent: Tuesday, October 25, 2011 15:35
> To: ooo-dev@incubator.apache.org
> Cc: floeff@documentfoundation.org
> Subject: Re: [proposal] Neutral / shared security list ...
>
> Hi -
>
> Sorry to reply to myself.
>
> Even though there are choices in this email. Please view it as a proposal. Where we are
seeking lazy consensus.
>
> On Oct 25, 2011, at 3:26 PM, Dave Fisher wrote:
>
>> On Oct 25, 2011, at 3:18 PM, Simon Phipps wrote:
>>
>>> On Wed, Oct 26, 2011 at 12:04 AM, Dave Fisher <dave2wave@comcast.net> wrote:
>>>
>>>>
>>>> Agreed. We need to pick a neutral domain name. office-security.org is
>>>> apparently free.
>>>>
>>>> Some institution needs to buy domain registration. I've been the volunteer
>>>> registrar for a social groups domain, it is a pain to transition. This needs
>>>> to be an institution, it could be Team OOo?
>>>>
>>>
>>> I think they are too close to the matter.  SPI exists specifically to hold
>>> assets in trust - perhaps they would hold the registration for us all?  If
>>> we agree I'd be happy to volunteer to contact them.
>>>
>>> It's also possible we could ask OSI to do it - Jim Jagielski and I are both
>>> on the Board at present.
>>
>> These are both interesting ideas.
>
> The proposal is to pick a domain and get registration  Simon volunteers to help.
>
>
>>
>>>
>>>
>>>>
>>>> An ISP for hosting the private ML needs to be selected. Dennis suggests
>>>> that the ASF could be that ISP for free.
>>
>> <slight snip/>
>>
>> And:
>>
>> <insert>
>>
>> On Oct 25, 2011, at 2:51 PM, Florian Effenberger wrote:
>>
>> <snip/>
>>
>>>
>>> If we basically agree that such a list as outlined by me is a way to go, I am
happy to ask a friend of mine who has a very good reputation in being a mail server, mailing
list and security expert, with a very good track record, including all sorts of certifications.
He is offering e-mail services as business.
>>>
>>> I just don't want to spread the name publically without asking him first, and
I don't want to ask him, before we have some common understanding. :-)
>>>
>>
>>
>> </insert>
>
> The proposal is for the exiting securityteam to choose, the above are two possibilities.
>
>
>>
>>
>>>>
>>>> securityteam@oo.o is migrated to whatever the new list is, and those
>>>> people start administrating.
>>>>
>>>> I think it is very important for the public to know who all of the projects
>>>> are on the shared ML.
>
> I propose that this shared security team provide a list of participating peers to the
public.
>
>>>>
>>>> Are we done already :-)
>>
>> Let's let the world revolve to see if we have some Consensus.
>
> Revolve 3x or 72 hours.
>
> Regards,
> Dave
>
>>
>> Regards,
>> Dave
>>
>>>>
>>>> Regards,
>>>> Dave
>>>>
>>>>>
>>>>> That is fair to anyone, does not exclude anyone, does not benefit one
>>>>> over the other -- it's easy, simple, and the best way to go. Sure,
>>>>> everyone can create own aliases pointing to that list, but the core is
>>>>> the same, and that's what matters.
>>>>>
>>>>> If you folks now start complaining about we don't trust Apache, we can
>>>>> answer by complaining you don't trust TDF and so on. It's a horrible
>>>>> waste of time, it's lame, it does not help anyone, and it makes me doubt
>>>>> we're talking amongst adults, seriously.
>>>>>
>>>>> And, really, all this crap being tossed around about trustworthiness,
>>>>> upstream, downstream, code similarities and insults is worth not even
>>>>> the digital paper it's written on.
>>>>>
>>>>> I made a simple, plain, and easy proposal. Don't make things overly
>>>>> complicated, folks.
>>>>>
>>>>> Thanks for considering,
>>>>> Florian
>>>>>
>>>>> --
>>>>> Florian Effenberger <floeff@documentfoundation.org>
>>>>> Steering Committee and Founding Member of The Document Foundation
>>>>> Tel: +49 8341 99660880 | Mobile: +49 151 14424108
>>>>> Skype: floeff | Twitter/Identi.ca: @floeff
>>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Simon Phipps
>>> +1 415 683 7660 : www.webmink.com
>>
>
>

Mime
View raw message