incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Meeks <michael.me...@suse.com>
Subject Re: Neutral / shared security list ...
Date Tue, 29 Nov 2011 12:17:23 GMT
So,

On Tue, 2011-10-25 at 13:00 -0700, Dave Fisher wrote:
> > On Tue, 2011-10-25 at 10:22 -0700, Dave Fisher wrote:
> >> I think we are getting somewhere. The last detail is which is the real ML
> >> and which is the forwarder. While the AOOo project might prefer to have
> > 
> > 	Fair point - for ultra-fairness we should perhaps publish two
> > forwarding addresses - securityteam@oo.o and securityteam@tdf one each,
> > both pointing at the neutrally hosted list.

	So - a quick round up of where we have (not) got here. A month later,
we still have a non-neutrally hosted Apache controlled list, hosted
under Apache's domain, with only AOOI members controlling it's
membership, and an incomplete (from the TDF perspective) membership
list.

	Since there is (apparently) no action here at all, and the most
sensible & friendly options have been exhausted - eg. to have
cross-membership on each other's lists; I've finally got around to
setting up:

	officesecurity@lists.freedesktop.org

	It is intended as a vendor neutral, neutrally hosted list for reporting
security vulnerabilities.

	Dennis Hamilton agreed to be an administrator; it'd be great to get
another administrator or two from the pool people involved in security
to administrate it from the Apache side, and/or any interested
derivatives. I plan to populate it with the tdf-security membership in a
bit.

	It'd also be nice to have a list of guys from your side to subscribe to
it, and/or otherwise (in the meantime) perhaps we should add
ooo-security@incubator.apache.org to be on the safe side.

	All the best,

		Michael.

-- 
michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot


Mime
View raw message