On Fri, Jul 29, 2011 at 12:26 PM, Norbert Thiebaud <[email protected]> wrote: > On Fri, Jul 29, 2011 at 10:48 AM, Rob Weir <[email protected]> wrote: >> On Fri, Jul 29, 2011 at 10:58 AM, Florian Effenberger >> <[email protected]> wrote: >>> Hi, >>> >>> Rob Weir wrote on 2011-07-29 16:49: >>>> >>>> What did you think of Simon's idea of having a discussion list, >>>> perhaps outside of Apache, where interested parties could discuss >>>> issues related to the security of OOo and related code bases? >>>> Something like that could be useful, even if it is not part of the >>>> official incident response process of Apache or LibreOffice. >>> >>> I was not talking about chatting on security topics, I was talking about >>> effectively cooperating on security issues, like we did in the past, in a >>> trusted, well-proven group. >>> >>> However, people made it clear that this is not of interest, so I simply shut >>> up here. >>> >> >> The offer remains open: If any LibreOffice security expert joins this >> list, states that they have relevant expertise and that expresses a >> commitment to work on Apache OpenOffice security, and are willing to >> sign and return the Apache iCLA, then I will gladly nominate them as a >> committer and recommend that they be added to the ooo-security list. > > Sarcasm does not "travel well", maybe you should add <sarcasm> > </sarcasm> to the above paragraph ? >
I hope this was not taken as sarcasm. It certainly was not attended as such. And note that this is not just a personal offer from me. This is just the way Apache works. Any PPMC member could make the same offer. I'm just saying that getting experts from LibreOffice involved is priority for me, and the steps I outlined above are the most natural way to make this happen. > Norbert >
