incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: Vulnerability fixed in LibreOffice
Date Mon, 10 Oct 2011 12:42:09 GMT
On Mon, Oct 10, 2011 at 8:24 AM, Simon Phipps <simon@webmink.com> wrote:
>
> On 10 Oct 2011, at 12:45, Rob Weir wrote:
>
>> No objections if you want to start a separate invitation-only security
>> discussion list.  It would probably get some use.  But we'll continue
>> to ask for security reports to come to ooo-security.i.a.o.
>
> We appeared to reach consensus[1] on this issue in your absence, Rob, you may have missed
the e-mails. The view that was expressed was we should avoid conflating
>
> A:  AOOo's internal security processing, which is naturally and correctly a private
matter for the PPMC, and
> B:  Good-faith collaboration among the legacy StarOffice ecosystem and the security-focussed
developers therein on a private list open to anyone with a proven record of developing in
legacy StarOffice codebases.
>
> To facilitate (B), Shane proposed[2] we maintain securityteam@openoffice.org if at all
possible. If that's not possible for some reason, Michael has suggested[3] a list at freedesktop.org.
>
> Since Shane's proposal on October 6 no-one has spoken against it; should we consider
you to be doing so?
>

Yes.  I've read all the emails from last week. Did Michael?  I read
his note from today as arguing against the "consensus" that you are
declaring.  He is arguing for allowing non-committers on
ooo-security.i.a.o, or alternatively setting up, "a shared list as our
preferred contact point for vulnerabilities".  The later is not what
your [B] above is proposing.

In my note, I wrote, "No objections if you want to start a separate
invitation-only security discussion list.  It would probably get some
use.  But we'll continue to ask for security reports to come to
ooo-security.i.a.o.".  I see that as conforming to the consensus.
Should we consider that you and Meeks are against this consensus?

-Rob

> S.
>
>
> [1] http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%3CCAKQbXgBa+MOSbASgiDGFTB7+z8gpGS38Yx0-itMOf3=QhFG0FA@mail.gmail.com%3E
> [2] http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%3C4E8DC442.7090602@shanecurcuru.org%3E
> [3] http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%3C1318241437.13022.82.camel@lenovo-w500%3E

Mime
View raw message