incubator-ooo-dev mailing list archives

From Rob Weir <robw...@apache.org>
Subject Re: Neutral / shared security list ...
Date Wed, 30 Nov 2011 12:13:57 GMT
On Tue, Nov 29, 2011 at 11:45 AM, Pedro Giffuni <pfg@apache.org> wrote:
> Hello guys;
>
> --- On Tue, 11/29/11, Dave Fisher <dave2wave@comcast.net> wrote:
>
>> Hi Michael,
>>
>> While some might have hoped for another proposal and
>> discussion prior to action, thank you for going ahead where
>> there was clearly no consensus for specific action on the
>> AOO side.
>>
>
> As I see it, this list is not official. The AOO PPMC has no
> influence whatever over it, but that is precisely the type
> of "neutrality" the involved actors wanted.
>

Remember, we had a securityteam mailing list already.  LO folks were
subscribed to it.  We (the AOO security team) have been working
closely with them on reported security issues.  This included analysis
and sharing of patches. (Yes, Apache and LO members shared patches).
So among the people actually involved in the security reporting and
resolution process, we had a system that worked.

But this did not seem to please Michael and Simon, people who were not
part of this process.  To their outside and highly political view, it
was not neutral enough.  So they unilaterally pushed through another
list.

I think this violates some essential principles of our community:

1) What we do in this project should take the lead from those involved
in the actual work, not by agitation from outsiders.  This new
security list was not driven by the committer/PPMC members of
ooo-security, but by non-members, like Michael Meeks, who recently
stated on this list that he wished to see the project fail quickly so
we could be put out of our misery.  I'm always glad to hear other
opinions, but what makes working at Apache fun is that those who do
the work set the direction and make the decisions.

2) There was nothing urgent at play here that suggested we should
abandon a consensus-based approach and work outside of this list to
implement alternatives.  I think it is in very bad taste for a PPMC
member to do an "end run" around the consensus-driven efforts.

The status quo was working and no counter proposal had consensus.
Maybe some disagree and were unhappy that their personal preferences
did not get universal acclamation, but *how* we decide these questions
is as important as *what* we decide.  This was a very poor example
of decision making.  In fact I would not call it community decision
making at all.  It was just Michael acting alone.

-Rob
