Date: Thu, 6 Oct 2011 17:50:29 +0200
Subject: Re: Vulnerability fixed in LibreOffice
From: Jürgen Schmidt
To: ooo-dev@incubator.apache.org

On Thu, Oct 6, 2011 at 5:25 PM, Dave Fisher wrote:

> Hi -
>
> I blame Oracle, it is nearly 4 months and NO domain transfer.
>

It doesn't help anybody ;-)

>
> On Oct 6, 2011, at 8:05 AM, Thorsten Behrens wrote:
>
> > Jim Jagielski wrote:
> >> I agree it needs to be addressed. What is ironic is that this
> >> discussion did NOT result in a breakdown of B at all, but
> >> rather a breakdown in another entity also not having a policy
> >> in place in sharing info with other community members.
> >>
> > Hi Jim,
> >
> > since this is ambiguous and leaves the possibility you refer to TDF
> > - the information *was* shared.
>
> Shared with who?
>
> > I may remind you that, at the point
> > of responsible disclosure to securityteam@ooo, the
> > ooo-security@apache list was still in the process of being
> > setup/populated, and there was an ongoing policy discussion here.
>
> When that discussion was settled it seems someone on the TDF side should
> have taken some initiative to inform AOOo at our list. To not have that
> happen was not in any spirit of cooperation.

Please stop this, let us try to improve it in the future. I think we want
to work together where possible and not against.

> >
> > Really, it seems the breakdown was on this side...
>
> Not really, that is NOT AOOo's list. It is even now Oracle's abandoned ML.
>
> On Oct 6, 2011, at 7:38 AM, Florian Effenberger wrote:
>
> > Hi,
> >
> > Jürgen Schmidt wrote on 2011-10-06 14:40:
> >> My idea is to simply use the existing
> >> securityteam@openoffice.org list for
> >> collaborative work on this topic. LibreOffice has also a separate security
> >> list, right. So I don't see your point here.
> >
> > I proposed that, Rob Weir refused to continue with the existing contacts,
> > telling things at Apache were different.
>
> So, you guys decided to ignore the fact that we had established an
> ooo-security@a.i.o because it wasn't what you wanted to have happen?
>
> Yet at the same time AOOo has absolutely NO control or access to the
> securityteam@openoffice.org ML?
>

Again, let us focus on the future. I think we now have a common picture in
mind and should focus on a working collaboration and shared information flow
on security issues via the securityteam@openoffice.org ML.

Juergen

> >
> > Ping me when you folks have sorted out your issues.
>
> The real issue is that the openoffice.org MLs have not been reliable, no
> one is watching at Oracle and someone here has to contact Andrew Rist about
> every problem and then he has to track it down.
>
> It would be absolutely great if the ASF got proper control of the
> openoffice.org domain. Once we have that then it is possible to handle the
> ML at openoffice.org, and securityteam@openoffice.org might work. We at
> AOOo don't even know who is subscribed to that list. It has NEVER been
> disclosed.
>
> I don't know why Oracle has failed on their side with the domain transfer
> of openoffice.org.
>
> Regards,
> Dave