On Mon, Aug 1, 2011 at 8:30 PM, Dennis E. Hamilton <[email protected]> wrote: > I'm assuming that, out of the mutual concerns we all share for the community > of ODF supporters, that it might be appropriate to suggest to a reporter that > they take their report to a different security@ address that might be more > appropriate for immediate attention and action. >
Yes. For example, if the question actually boils down to a user support question, on how to use digital signatures, I'd refer them to the support forums. > - Dennis > > -----Original Message----- > From: Rob Weir [mailto:[email protected]] > Sent: Monday, August 01, 2011 16:58 > To: [email protected] > Subject: Re: Population of ooo-security > > On Mon, Aug 1, 2011 at 7:40 PM, Simon Phipps <[email protected]> wrote: > [ ... ] >> I don't think I understand how your response, which refers to the >> functioning of a future list once AOOo has an operational development >> process, applies to my comment, which refers to the situation now when any >> incoming security issue would probably be triaged by fixing & recommending >> use of LibreOffice. >> > > The existence and staffing of ooo-security is part of AOOo > development. It is not something outside of a development process. > Not every report we receive necessarily results in the production of > an urgent patch. But if such a situation occurred, then we'd discuss > on ooo-security and develop a recommendation. But regardless of the > disposition of the report, I think it is important to respect the > privacy of the reporter. > >> S. >> > >
