incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: [DISCUSS] Neutral / shared security list proposal
Date Fri, 21 Oct 2011 17:47:29 GMT
On Fri, Oct 21, 2011 at 1:06 PM, Michael Meeks <michael.meeks@suse.com> wrote:
> Hi Dennis & list,
>
> On Fri, 2011-10-21 at 08:11 -0700, Dennis E. Hamilton wrote:
>> It is not something that can be done unilaterally here on the AOOo podling.
>> Do you propose that this be discussed at securityteam@ OO.o?  It would
>> seem that is where consensus is required.
>
>        Last I checked only a few from TDF's security group are on that list;
> so it doesn't seem an ideal forum either. Lets just CC our security team
> as I've done.
>
>        I am mildly amused by the convenient deployment of the argument type:
> "we have always done it this way" from a project undergoing such a lot
> of (in many ways positive) changes. Combine this with a world of
> extraordinary possibilities such as: mail forwarding and the "mail
> address is well known" bites the dust. There were many projects and
> people I used to admire in the ASF, but claiming it is neutral in
> today's world is not sensible.
>
>        I would like to see, and think it is reasonable to ask for:
>
>        1. a neutral domain / list name
>        2. a comprehensive set of moderators / admins cf. previous
>        3. neutral hosting
>
>        It seems vs. the present that the ASF guys are suggesting to compromise
> on only one of these points (2.) ie. having two Apache supporters (Rob +
> Dennis) as moderators, and one TDF guy (me or Caolan): is that right ?
>

If you want another TDF moderator then please propose a name on the
securityteam list.  I don't see a problem with that.

>        At a big stretch, assuming there is no heavy-governance-petting
> anywhere near it, I could cope with not having 3. ie. Apache hosting it
> - after all, that is rather invisible [ but I personally loathe reply-to
> mangling - I don't believe we would want that pushed onto us ].
>
>        So - where do we go from there ? it looks to me like no compromise is
> possible (for some definitions of compromise). We could create two
> 'neutral' mailing lists one at each side, with cross subscriptions to
> our own security lists - but it all seems a bit pointless.
>

If you recall, I was originally arguing for having only ooo-security
and not having a securityteam list at all.  So from my perspective,
the continuation of securityteam@openoffice.org is the compromise.  Of
course, you can continue to bring up new demands and expectations ,
and try to make it appear that this was never a compromise and that
the only fair-minded thing would be to move closer to your new
position.  But obviously I could do the same thing.

So I suggest we all show some good will, for the benefit of the users,
and give it a try at working together on securityteam@openoffice.org.
In the end neutrality does not come from a domain name or an IP
address or a host.  It comes from fairness and transparency.  I think
you can be fair on securityteam@openoffice.org, and I hope you think
the same of me.  So let's give it a try.  OK?


-Rob

>        Regards,
>
>                Michael.
>
> --
> michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot
>
>

Mime
View raw message