On Fri, Jul 29, 2011 at 2:04 PM, Dave Fisher <[email protected]> wrote:
>
> Let's stop misinterpreting and offending each other and find a way to
> co-operate.
>
> Several possibilities have been discussed.
>
> (1) A private list of experts that will be contacted as needed by
> ooo-security. Maybe this should be public, self-identified and on the
> community wiki?
>
> (2) A list of interested, interrelated projects that want to be informed of
> upcoming fixes, etc, slightly in advance. Registered on the community wiki?
>
> (3) Remembering that anyone who actually has an issue can report it to
> ooo-security and ooo-security would likely include that individual in their
> discussion and remediation. Other Apache projects actually show who reported,
> when it was privately and when it was publicly disclosed.
>
> (4) An offer to anyone who is an OOo security expert including LO/TDF people
> to join the podling as a committer and member of the PPMC - requires an ICLA
> (which is not a baptism nor is it circumcision) and the vote of the PPMC.
>
> Do you have something constructive to add here?

yes: to quote Malte Timmermann:

(0) "From the people on the current OOo security team, there are (iirc) only 2
people beside myself who regularly worked on fixes for security issues: Caolan
McNamara and Rene Engelhard. I would like to add them to ooo-security. They are
also in the LibO security team, so adding them should give enough LibO
coverage."

Norbert
