Hi Rob,
On Mon, 2011-10-10 at 12:19 -0400, Rob Weir wrote:
> It does not seem reasonable to publicly excoriate AOOo for having a
> private security list restricted to members while you are
> simultaneously and without notice proceed to enforce the same policy
> for the TDF security list.
It is clearly my preference to have mutual openness and
cross-subscription, and this was how we set out. Your decision to stop
that tradition shut that trust down. I'm eager to re-start it, either
with a neutrally hosted shared list, or cross-membership (as before).
> Some might even say that was disingenuous and hypocritical.
You always represent the hyper-charitable fringe so nicely.
> I see you sharing information about subscribers on a private security
> list in attempts to score points and embarrass list participants.
Um; out of interest - where ? I was unaware that the list of
subscribers to private security lists is itself a useful secret :-) as
for the attempt to score points and embarrass - can you expand on who is
embarrassed ? If it is your presence on and/or monitoring of the
cross-vendor list, you advertised that yourself on this list at least
once[1].
Thus far, I've spent quite a bit of un-necessary time helping to
itemise the facts that point to the locus of inadequacy and
non-communication: mainly because in their absence it has been horribly
mis-placed. It is sad if that is embarrassing for you.
> I see a TDF blog post that is full of misstatements and inaccuracies
> about a non-existant vulnerability, one that the original RedHat expert
> now admits is not a security issue.
Potentially you confuse the issue that was found with the rather
broader scope of the fix that was applied for it.
> All I'm doing is suggesting that we treat AOOo security like we do
> for every other Apache project.
Sounds great - lets have open-ness to other projects, and
cross-fertilisation of list composition without arbitrary and
un-necessary barriers to entry then :-) I'd love that.
It seems that are you asserting that the advice from the established
Apache security mechanism was to be as insular as possible though; is
that really the case ? are all other Apache projects security lists
closed to helpful outside membership ?
> But you are playing games and trying to score points.
How did it come to this.
Regards,
Michael.
[1] -
http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201107.mbox/%
3CCAP-ksoi0dJtLbfGoHhAQ3OVfNT4zsxsDcrCOCGYy=ehawpm...@mail.gmail.com%3E
--
[email protected] <><, Pseudo Engineer, itinerant idiot
