openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <>
Subject Re: Neutral / shared security list ...
Date Tue, 29 Nov 2011 12:37:36 GMT
On Tue, Nov 29, 2011 at 7:17 AM, Michael Meeks <> wrote:
> So,
> On Tue, 2011-10-25 at 13:00 -0700, Dave Fisher wrote:
>> > On Tue, 2011-10-25 at 10:22 -0700, Dave Fisher wrote:
>> >> I think we are getting somewhere. The last detail is which is the real ML
>> >> and which is the forwarder. While the AOOo project might prefer to have
>> >
>> >     Fair point - for ultra-fairness we should perhaps publish two
>> > forwarding addresses - securityteam@oo.o and securityteam@tdf one each,
>> > both pointing at the neutrally hosted list.
>        So - a quick round up of where we have (not) got here. A month later,
> we still have a non-neutrally hosted Apache controlled list, hosted
> under Apache's domain, with only AOOI members controlling it's
> membership, and an incomplete (from the TDF perspective) membership
> list.
>        Since there is (apparently) no action here at all, and the most
> sensible & friendly options have been exhausted - eg. to have
> cross-membership on each other's lists; I've finally got around to
> setting up:
>        It is intended as a vendor neutral, neutrally hosted list for reporting
> security vulnerabilities.
>        Dennis Hamilton agreed to be an administrator; it'd be great to get
> another administrator or two from the pool people involved in security
> to administrate it from the Apache side, and/or any interested
> derivatives. I plan to populate it with the tdf-security membership in a
> bit.

Just to be clear.  No discussion of this new list has taken place on
ooo-dev or ooo-private.  You have acted unilaterally in this regard.
Dennis is not representing Apache or this project in this matter.  In
fact he is not even a participant on the ooo-security or securityteam

>        It'd also be nice to have a list of guys from your side to subscribe to
> it, and/or otherwise (in the meantime) perhaps we should add
> to be on the safe side.

Since Dennis has already leaked the subscriber list for the
securityteam mailing list to you, I assume you are all set now?

>        All the best,
>                Michael.
> --
>  <><, Pseudo Engineer, itinerant idiot

View raw message