incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Neutral / shared security list ...
Date Tue, 25 Oct 2011 22:04:11 GMT

On Oct 25, 2011, at 2:47 PM, Dennis E. Hamilton wrote:

> Florian,
> 
> There is one important concern for a community security list: not all neutral locations
are created equal, from a security point of view.  There is more required for a security list
than for an ordinary mailing list, even a supposedly private mailing list.
> 
> I don't know what practices TDF offers with regard to such a hosting.  That would be
more important to me than a neutral domain name.
> 
> I do have a sense of what ASF offers.  (And this is not about the AOOo podling or who
is on that project.)
> 
> For any other contender, the trustworthiness of the site as a location for a security
list is important.  This is different than the issues of trust that exist with regard to governance
and the participation on the security list.
> 
> It is not a trivial matter.

No it is not a trivial concern. Once we've agreed to have a neutral domain name like "team@office-security.org"
then we have essentially agreed to Florian's proposal.

> 
> Ian Lynch wrote on 2011-10-25 19:18:
>> Well babies are usually made from love and tenderness (unless it's a
>> mistake) and I don't see too much of that in this approach. At least to get
>> started why not do it on a neutral list? Florian has made a perfectly
>> reasonable case for it. Is that so much to give up just to get something
>> going? In terms of baby making I'd say we need some serious marriage
>> guidance before even talking about getting in bed together never mind
>> wrapping anything in latex.
> 
> thank you for being reasonable and seeing what my proposal intends -- 
> really, that's truly appreciated.
> 
> Seeing all those proposals coming in -- no list at all, everyone 
> forwards to each other etc. -- simply makes no sense. It creates 
> overhead, it makes things slow, and that just for the sake of not 
> agreeing to a simple proposal, it feels.
> 
> To sum up my proposal again: If we are on neutral grounds, nobody loses 
> anything, but we all can win. It is not about telling any entity is not 
> trustworthy enough -- it simply is the easiest solution for a topic that 
> has been cooking for weeks now.
> 
> The easiest solution -- and anyone with common sense should agree -- is 
> to have a shared list on neutral grounds. Not involving ASF, AOOo, 
> TeamOOo, neither TDF, LibO, FrODeV.

Agreed. We need to pick a neutral domain name. office-security.org is apparently free.

Some institution needs to buy domain registration. I've been the volunteer registrar for a
social groups domain, it is a pain to transition. This needs to be an institution, it could
be Team OOo?

An ISP for hosting the private ML needs to be selected. Dennis suggests that the ASF could
be that ISP for free. Could the TDF be the ISP? Isn't that for you to say? I agree it is not
the main issue.

securityteam@oo.o is migrated to whatever the new list is, and those people start administrating.

I think it is very important for the public to know who all of the projects are on the shared
ML.

Are we done already :-)

Regards,
Dave

> 
> That is fair to anyone, does not exclude anyone, does not benefit one 
> over the other -- it's easy, simple, and the best way to go. Sure, 
> everyone can create own aliases pointing to that list, but the core is 
> the same, and that's what matters.
> 
> If you folks now start complaining about we don't trust Apache, we can 
> answer by complaining you don't trust TDF and so on. It's a horrible 
> waste of time, it's lame, it does not help anyone, and it makes me doubt 
> we're talking amongst adults, seriously.
> 
> And, really, all this crap being tossed around about trustworthiness, 
> upstream, downstream, code similarities and insults is worth not even 
> the digital paper it's written on.
> 
> I made a simple, plain, and easy proposal. Don't make things overly 
> complicated, folks.
> 
> Thanks for considering,
> Florian
> 
> -- 
> Florian Effenberger <floeff@documentfoundation.org>
> Steering Committee and Founding Member of The Document Foundation
> Tel: +49 8341 99660880 | Mobile: +49 151 14424108
> Skype: floeff | Twitter/Identi.ca: @floeff
> 


Mime
View raw message