incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Lohmaier <cl...@openoffice.org>
Subject Re: Neutral / shared security list ...
Date Wed, 30 Nov 2011 12:41:13 GMT
Hi Rob,

On Wed, Nov 30, 2011 at 1:13 PM, Rob Weir <robweir@apache.org> wrote:
> On Tue, Nov 29, 2011 at 11:45 AM, Pedro Giffuni <pfg@apache.org> wrote:
>> Hello guys;
>>
>> --- On Tue, 11/29/11, Dave Fisher <dave2wave@comcast.net> wrote:
>>
>>> Hi Michael,
>>>
>>> While some might have hoped for another proposal and
>>> discussion prior to action, thank you for going ahead where
>>> there was clearly no consensus for specific action on the
>>> AOO side.
>>>
>>
>> As I see it, this list is not official. The AOO PPMC has no
>> influence whatever over it, but that is precisely the type
>> of "neutrality" the involved actors wanted.
>>
>
> Remember, we had a securityteam mailing list already.  LO folks were
> subscribed to it.  We (the AOO security team) have been working
> closely with them on reported security issues.  This included analysis
> and sharing of patches. (Yes, Apache and LO members shared patches).
> So among the people actually involved in the security reporting and
> resolution process, we had a system that worked.

You-are-kidding-me.

The whole thing was stirred up because you (Apache-OOo) claimed you
would not know anything about the vulnerabilities that were fixed in
LO.
Starting with this:
http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%3Cae2e5b53-710b-4ed4-81b7-f5c386281837@zimbra60-e10.priv.proxad.net%3E

and lots and lots of messages that did follow.

So it was not working since there was apparently lack of communication
on ApacheOOoI's end.

> But this did not seem to please Michael and Simon, people who were not
> part of this process.  To their outside and highly political view, it
> was not neutral enough.  So they unilaterally pushed through another
> list.

You're making a dick of yourself.
The security-list topic has been discussed at length spanning multiple
weeks. Stop acting so surprised about it and especially don't deny
that the discussion took place. This is ridiculous.

That being said: Yes, apache-camp did disagree about the definition of
"neutral" - TDF/LO's view is: A list carrying the trademark of one of
the products is not neutral. No matter how nice its management is
done. The email-address where people should report issues carries a
clear stamp, and is therefore not neutral.

> The status quo was working and no counter proposal had consensus.

No - it was not working, and the same way you do argument, Michael can
argument with "lazy consensus" that is quoted so conveniently.

> Maybe some disagree and were unhappy that their personal preferences
> did not get universal acclamation, but *how* we decide these questions
> is as important as *what* we decide.    This was a very poor example
> of decision making.  In fact I would not call it community decision
> making at all.  It was just Michael acting alone.

That is your personal crusade against Michael Meeks/SuSE. Keep that
stuff out of it. Seriously. You're really making a kindergarten out of
it.

ciao
Christian

Mime
View raw message