Hi Louis, hi Sophie
My question is : could we put a communication flow in place about
those security alerts, make this communication transparent and usefull
for our users and the press, and at the end show that we are
concerned. Several reactions on the French list have pointed a wrong
decision to not communicate about the security, where we simply took
no decision at all.
I totally agree with your reaction (and the ones that occured on french
lists)
I'd suggest that when a security issue is communicable (eg, basically
resolved or in the process) that security-team work with pr@ or at the
*least* send a direct note to John McC and me (both) to get things
rolling, and that pr@ be the place for subsequent work on the PR or
announcement.
Why only marketing ? It is not 'only' a marketing problem
i would also suggest to cc the project-lead mailing list
this list is 'restricted' and all the leads of OOo should be aware that
something is occuring *before* discovering it in a press release
Thus, the official flow:
* security work is being done; security-team is presumably aware of this
or if not is notified
* when resolution is imminent, pr@ is notified. If not pr@, then at
least John and me
then i would add project leads
* pr is written, translated, and published within a few days of
resolution of event; mention is on the OOo homepage and on other project
pages.
Thanks again Sophie for raising this problem. We really need to work
internally on this but also be more trustable from the outside by users
so communicate efficiently on our corrections (mozilla is an example to
follow, i think, here)
Laurent
--
Laurent Godard <[EMAIL PROTECTED]> - Ingénierie OpenOffice.org -
http://www.indesko.com
Nuxeo Enterprise Content Management >> http://www.nuxeo.com -
http://www.nuxeo.org
Livre "Programmation OpenOffice.org", Eyrolles 2004-2006
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
