incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <dave2w...@comcast.net>
Subject Re: Neutral / shared security list ...
Date Tue, 29 Nov 2011 16:12:36 GMT
Hi Michael,

While some might have hoped for another proposal and discussion prior to action, thank you
for going ahead where there was clearly no consensus for specific action on the AOO side.

On Nov 29, 2011, at 4:17 AM, Michael Meeks wrote:

> So,
> 
> On Tue, 2011-10-25 at 13:00 -0700, Dave Fisher wrote:
>>> On Tue, 2011-10-25 at 10:22 -0700, Dave Fisher wrote:
>>>> I think we are getting somewhere. The last detail is which is the real ML
>>>> and which is the forwarder. While the AOOo project might prefer to have
>>> 
>>> 	Fair point - for ultra-fairness we should perhaps publish two
>>> forwarding addresses - securityteam@oo.o and securityteam@tdf one each,
>>> both pointing at the neutrally hosted list.
> 
> 	So - a quick round up of where we have (not) got here. A month later,
> we still have a non-neutrally hosted Apache controlled list, hosted
> under Apache's domain, with only AOOI members controlling it's
> membership, and an incomplete (from the TDF perspective) membership
> list.
> 
> 	Since there is (apparently) no action here at all, and the most
> sensible & friendly options have been exhausted - eg. to have
> cross-membership on each other's lists; I've finally got around to
> setting up:
> 
> 	officesecurity@lists.freedesktop.org
> 
> 	It is intended as a vendor neutral, neutrally hosted list for reporting
> security vulnerabilities.
> 
> 	Dennis Hamilton agreed to be an administrator; it'd be great to get
> another administrator or two from the pool people involved in security
> to administrate it from the Apache side, and/or any interested
> derivatives. I plan to populate it with the tdf-security membership in a
> bit.

Dennis is a good choice. On these lists he is often focused on security.

> 
> 	It'd also be nice to have a list of guys from your side to subscribe to
> it, and/or otherwise (in the meantime) perhaps we should add
> ooo-security@incubator.apache.org to be on the safe side.

I think that would be best. 

I hope for a future time when the TDF will consider openoffice.org to be neutral. I have no
energy to argue that case. At the risk of an English colloquialism - "the proof is in the
pudding".

We have a lot with IP Clearance, Builds, OOo migration, TOOo proposal, and N-L groups.

Best Regards,
Dave

> 
> 	All the best,
> 
> 		Michael.
> 
> -- 
> michael.meeks@suse.com  <><, Pseudo Engineer, itinerant idiot
> 


Mime
View raw message