Hi - I blame Oracle, it is nearly 4 months and NO domain transfer.
On Oct 6, 2011, at 8:05 AM, Thorsten Behrens wrote: > Jim Jagielski wrote: >> I agree it needs to be addressed. What is ironic is that this >> discussion did NOT result in a breakdown of B at all, but >> rather a breakdown in another entity also not having a policy >> in place in sharing info with other community members. >> > Hi Jim, > > since this is ambiguous and leaves the possibility you refer to TDF > - the information *was* shared. Shared with who? > I may remind you that, at the point > of responsible disclosure to securityteam@ooo, the > ooo-security@apache list was still in the process of being > setup/populated, and there was an ongoing policy discussion here. When that discussion was settled it seems someone on the TDF side should have taken some initiative to inform AOOo at our list. To not have that happen was not in any spirit of cooperation. > > Really, it seems the breakdown was on this side... Not really, that is NOT AOOo's list. It is even now Oracle's abandoned ML. On Oct 6, 2011, at 7:38 AM, Florian Effenberger wrote: > Hi, > > Jürgen Schmidt wrote on 2011-10-06 14:40: >> My idea is to simply use the existing >> securityt...@openoffice.org <knownsecurityt...@openoffice.org> list for >> collaborative work on this topic. LibreOffice has also a separate security >> list, right. So i don't see your point here. > > I proposed that, Rob Weir refused to continue with the existing contacts, > telling things at Apache were different. So, you guys decided to ignore the fact that we had established an ooo-security@a.i.o because it wasn't what you wanted to have happen? Yet at the same time AOOo has absolutely NO control or access to the securityt...@openoffice.org ML? > > Ping me when you folks have sorted out your issues. The real issue is that the openoffice.org MLs have not been reliable, no one is watching at Oracle and someone here has to contact Andrew Rist about every problem and then he has to track it down. It would be absolutely great if the ASF got proper control of the openoffice.org domain. Once we have that then it is possible to handle the ML at openoffice.org, and securityt...@openoffice.org might work. We at AOOo don't even know who is subscribed to that list. It has NEVER been disclosed. . I don't know why Oracle has failed on their side with the domain transfer of openoffice.org. Regards, Dave >
