On Thu, Oct 6, 2011 at 5:25 PM, Dave Fisher <[email protected]> wrote:
> Hi - > > I blame Oracle, it is nearly 4 months and NO domain transfer. > it doesn't help anybody ;-) > > On Oct 6, 2011, at 8:05 AM, Thorsten Behrens wrote: > > > Jim Jagielski wrote: > >> I agree it needs to be addressed. What is ironic is that this > >> discussion did NOT result in a breakdown of B at all, but > >> rather a breakdown in another entity also not having a policy > >> in place in sharing info with other community members. > >> > > Hi Jim, > > > > since this is ambiguous and leaves the possibility you refer to TDF > > - the information *was* shared. > > Shared with who? > > > I may remind you that, at the point > > of responsible disclosure to securityteam@ooo, the > > ooo-security@apache list was still in the process of being > > setup/populated, and there was an ongoing policy discussion here. > > When that discussion was settled it seems someone on the TDF side should > have taken some initiative to inform AOOo at our list. To not have that > happen was not in any spirit of cooperation. please stop this, let us try to improve it in the future. I think we want work together where possible and not against. > > > > > Really, it seems the breakdown was on this side... > > Not really, that is NOT AOOo's list. It is even now Oracle's abandoned ML. > > On Oct 6, 2011, at 7:38 AM, Florian Effenberger wrote: > > > Hi, > > > > Jürgen Schmidt wrote on 2011-10-06 14:40: > >> My idea is to simply use the existing > >> [email protected] <[email protected]> list > for > >> collaborative work on this topic. LibreOffice has also a separate > security > >> list, right. So i don't see your point here. > > > > I proposed that, Rob Weir refused to continue with the existing contacts, > telling things at Apache were different. > > So, you guys decided to ignore the fact that we had established an > [email protected] because it wasn't what you wanted to have happen? > > Yet at the same time AOOo has absolutely NO control or access to the > [email protected] ML? > again let us focus on the future. I think we have now a common picture in mind and should focus on a working collaboration and shared information flow on security issues via the [email protected] ML. Juergen > > > > > Ping me when you folks have sorted out your issues. > > The real issue is that the openoffice.org MLs have not been reliable, no > one is watching at Oracle and someone here has to contact Andrew Rist about > every problem and then he has to track it down. > > It would be absolutely great if the ASF got proper control of the > openoffice.org domain. Once we have that then it is possible to handle the > ML at openoffice.org, and [email protected] might work. We at > AOOo don't even know who is subscribed to that list. It has NEVER been > disclosed. > . > I don't know why Oracle has failed on their side with the domain transfer > of openoffice.org. > > Regards, > Dave > > > > >
