Not to make too fine a point of it, but [email protected] (another private list) is automatically included on everything that happens on ooo-security @incubator.apache.org. It is not like there is any absence of oversight.
Also, as a member of the ooo-security list, it never occurred to me that security @tdf and, if different, securityteam @OO.o, would not be informed of anything that came to ooo-security that represented a (potential) common vulnerability. I can't imagine that not being done. I can't imagine it even being a question. - Dennis -----Original Message----- From: Rob Weir [mailto:[email protected]] Sent: Monday, October 10, 2011 15:58 To: [email protected] Subject: Re: Vulnerability fixed in LibreOffice [ ... ] I think it would be good if the PPMC wanted to express to the ooo-security members that they want us to make security collaboration with TDF/LO a priority and to make every effort to share all appropriate information with TDF/LO. I'd support that. This could be solemnized by having a few Apache members, maybe mentors, affirm that they will make an effort to monitor that ooo-security list and to escalate to the AOOo PPMC is there is any backsliding on this. -Rob
