On 10 Oct 2011, at 12:45, Rob Weir wrote: > No objections if you want to start a separate invitation-only security > discussion list. It would probably get some use. But we'll continue > to ask for security reports to come to ooo-security.i.a.o.
We appeared to reach consensus[1] on this issue in your absence, Rob, you may have missed the e-mails. The view that was expressed was we should avoid conflating A: AOOo's internal security processing, which is naturally and correctly a private matter for the PPMC, and B: Good-faith collaboration among the legacy StarOffice ecosystem and the security-focussed developers therein on a private list open to anyone with a proven record of developing in legacy StarOffice codebases. To facilitate (B), Shane proposed[2] we maintain [email protected] if at all possible. If that's not possible for some reason, Michael has suggested[3] a list at freedesktop.org. Since Shane's proposal on October 6 no-one has spoken against it; should we consider you to be doing so? S. [1] http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%3CCAKQbXgBa+MOSbASgiDGFTB7+z8gpGS38Yx0-itMOf3=qhfg...@mail.gmail.com%3E [2] http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%[email protected]%3E [3] http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%3C1318241437.13022.82.camel@lenovo-w500%3E
