incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Meeks <michael.me...@suse.com>
Subject Re: Neutral / shared security list ...
Date Wed, 30 Nov 2011 14:47:11 GMT

On Wed, 2011-11-30 at 07:13 -0500, Rob Weir wrote:
> Remember, we had a securityteam mailing list already.  LO folks were
> subscribed to it.

	Sure that list @openoffice.org.

	A ~random sub-set of TDF folks are subscribed to it. Requests to have
an administrator for the TDF side to rectify it's composition have
AFAICS been repeatedly ignored. eg. I am not subscribed there, and
neither are some other of our security hackers. You were IIRC suddenly
made an administrator of it despite (as far as I am aware) having never
committed a security patch to the codebase.

> So among the people actually involved in the security reporting and
> resolution process, we had a system that worked.

	Except of course, that it doesn't include all those actually doing the
work :-) it includes some of those you think are doing the work, and a
number of people who are apparently not doing much.

	That aside, the existence of that list - configured however you like,
is beside the point, which is about neutrality.

> But this did not seem to please Michael and Simon, people who were not
> part of this process.  To their outside and highly political view, it
> was not neutral enough.  So they unilaterally pushed through another
> list.

	They ? again, I ask you ! I admit to being feebly slow, being involved
in lots of other things; but the LibreOffice TSC discussed and agreed
this, cf. the minutes:

http://lists.freedesktop.org/archives/libreoffice/2011-November/020163.html

	as posted on the public developer list some time ago etc.

> I think this violates some essential principles of our community:

	Please translate that into some concrete course of action you
recommend. Having done a lot of finger-pointing around (supposed, not
actual) non-inclusion in this flow; your stance is strange - it looks as
if you would now prefer -not- to be included in this list; surely that
is not so.

> The status quo was working and no counter proposal had consensus.

	As outlined above, and at length in the thread; the status quo looks
like it is working only from where you stand.

> This was a very poor example of decision making.  In fact I would not
> call it community decision making at all.  It was just Michael acting alone.

	As a general rule, all the decisions I make are poor :-) this is a
consequence of my enfeebled intelligence caused by reading and writing
too many E-mails instead of hacking code; perhaps you can empathise with
that.

	As for acting alone; again, I refer you to my previous request to
clearly separate your conjecture from fact - and to recognise that
"consensus" or otherwise on Apache's lists has little or no bearing on
the course of action we take at TDF. If AOOI (for whatever reason)
insist on applying their own brand & trade-mark & admin oversight to the
'neutral' list; then TDF will create one that is far more neutral and
un-branded in response, and use that.

	Of course; again; my preference is to have the simple cross-membership
of our security lists, as in the past. That would neatly avoid having
four lists where two would easily suffice.

	All the very best,

		Michael.

-- 
michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot


Mime
View raw message