Hi Florian,

I really disagree with adding all the members from OOo and LibO to the AOOo security list.

When some representatives from other projects are there, it's up to them to decide whether or not some issue also affects the other project, and then bring that information to that security team/list.

So it's up to each project's security team to decide whom to add to their team/list. Having a big bulk of people on the AOOo security list would make it difficult to keep an overview of who is there and why he is there.

This was the same with OOo/LibO: You didn't add all people from OOo security team to the LibO security list. Just me, and that actually was enough IMHO.

Honestly, I don't see a reason to have LibO PR/Marketing people on an AOOo security list, _except_ they plan to work on security bulletins or PR stuff also for AOOo.

For example: I really like and trust you, but after the LibO fork, I would only have added LibO people to the OOo security list who work on security analyses and common patches. I wouldn't have seen any reason to add you, knowing that you only do LibO PR, but no OOo PR anymore.
You would have been informed via the LibO security list if needed.

(Sorry to pick your name, but I guess that's a good example to make my point clear).

Best regards,
Malte.

On 28.07.2011 23:41, Florian Effenberger wrote:
Hello,

Dennis E. Hamilton wrote on 2011-07-28 22:04:
I support Malte's recommendation to add two individuals that are
currently in-common with respect to OpenOffice.org (traditional) and
LibreOffice.

I must confess I find it really strange that policies seem to be changed
here.

We had a good team at OpenOffice.org working on various security aspects
(reporting, fixing, communicating), and when LibreOffice started, we
unbureaucratically continued to work with the same set of people that
has been proven trustworthy already. Everyone agreed that security is
one of the areas where cooperation is possible without any politics
involved.

I don't know the exact recipient list of the current OOo security list,
but my proposal would simply have been to continue working with those
people. I simply see no reason for changing that (and the notion of "We
do things different here" is no valid argument at all to me).

But maybe that's just my idea. Well, anyways, back to important stuff.

Florian
