The discussion on how ooo-security would (or would not) work, and how cooperation with other security teams would (or would not work) was quite public and visible on ooo-dev.
How is it that this "reciprocal action" occurred and was made known to the Apache OOo podling? And how is it that it was performed on [email protected] ? When did that become a TDF property? Who is the "our" in whose name a reciprocal action was taken? If this was a race to demonstrate who is the least trustworthy in these matters, I concede that you won. Feel better now? Now, how is détente to be achieved? - Dennis -----Original Message----- From: Michael Meeks [mailto:[email protected]] Sent: Monday, October 10, 2011 03:11 To: [email protected] Subject: Re: Vulnerability fixed in LibreOffice [ ... ] I would instead seriously suggest that the Apache OOo decision to exclude non-committers from the security list (undoing years of trust and co-operation here) plus our reciprocal action is the ultimate root cause of this communication problem. Fixing that by re-visiting that decision seems like the cheapest approach. Having dozens of contact points for umpteen different lists seems like a sure-fire recipe for disaster. [ ... ]
