incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Neutral / shared security list ...
Date Tue, 25 Oct 2011 19:12:09 GMT
On Tue, Oct 25, 2011 at 2:52 PM, Christian Lohmaier
<cloph@openoffice.org> wrote:
> Hi Pedro, *,
>
> On Tue, Oct 25, 2011 at 8:42 PM, Pedro Giffuni <pfg@apache.org> wrote:
>> I am not in the PPMC specifically to avoid participating in this type of
>> discussions, but I have to say this, just IMHO:
>>
>> I fail to understand why the ASF is not considered neutral,
>
> The ASF people is not the big problem. It is having @openoffice.org or
> @apache.org as part of the address.
>
> You wouldn't be OK with the list being @libreoffice.org or
> @documentfoundation.org, would you?
>
> Those are not neutral either. As I don't think this point is so hard
> to understand, I can only assume Rob is reiterating on this stuff and
> throwing in "trust is what matters" on purpose.
>
> This has nothing to do with trust.
>

I think it has everything to do with trust, and nothing to do with neutrality.

TDF is not the only other party in the universe.  We are glad to hear
your opinions, but they are not determinative of our actions.  We also
need to be concerned with the trust of users, with other downstream
consumers and with security researchers.  As a name, an apache.org
addresses is far more trusted in this area than any new name that you
might find for a list.  In the end, trust is earned.  It is not
something you buy from GoDaddy.

-Rob

>> We owe to our millions of users out there to maintain our own security
>> channels and we cannot delegate them to a third party.
>
> So why do you think it is OK for TDF/LibreOffice to do so?
>
> (I know you're now switching from the neutrality issue to the
> administration part, but that once again is a different issue. Here is
> where trust also comes into play, but not any more than you have to
> trust the people who are subscribed to those lists)
>
>> Looking for
>> an unrelated domain to handle our issues is like giving your children
>> to your neighbors so they educate them "impartially".
>
> For TDF,  @apache.org or @openoffice.org would be "unrelated", a
> different party.
>
> ciao
> Christian
>

Mime
View raw message