incubator-ooo-dev mailing list archives

From "Dennis E. Hamilton" <orc...@apache.org>
Subject RE: Volunteers needed to pickup some tasks
Date Sun, 09 Sep 2012 17:46:13 GMT
I think it is important to appreciate that project participation on ooo-security does require
membership on the [P]PMC.  The security@apache.org list also has oversight on ooo-security@i.a.o.

The work on ooo-security has accountability to the PPMC.  There are special arrangements that
go with developing and slip-streaming fixes into releases and staging disclosure.  Even after
repairs in a release are disclosed, much of the activity and many details remain behind-the-scenes.

In order to support intake of new ooo-security contributors, provide for backup of responsibilities
within the team, and also clarify how the security team accounts to the [P]PMC, the working
of these arrangements probably needs to be documented in some way (without discussing vulnerabilities
themselves), including the approach to cooperation with those reporting vulnerabilities/exploits
and coordination with other projects (mainly via the officesecurity@lists.freedesktop.org
list) on cases of mutual importance -- a common occurrence.

 - Dennis

-----Original Message-----
From: Dave Fisher [mailto:dave2wave@comcast.net] 
Sent: Sunday, September 09, 2012 09:46
To: ooo-dev@incubator.apache.org
Subject: Re: Volunteers needed to pickup some tasks

Hi,

Some comments on the coverage so far.

On Sep 7, 2012, at 10:50 PM, Rob Weir wrote:
[ ... ]

> 3. Taking the lead on the AOO Security team, tracking vulnerability
> reports, writing disclosure bulletins, coordinating with security
> analysts and related open source projects.

Here is where we need volunteers. This is an area where of necessity little is known of the
activity until a release is made. It is a developer / tester area.

[ ... ]

