I confess that I am having trouble extracting concrete actionables from Ross's request. I need to reread the thread from the beginning.
One thing, off-hand. I believe the commitment is to support mutual security concerns via security@ OO.o or any successor, not via some special arrangement with TDF security. On behalf of that, ooo-security@ has become an observer at security@ OO.o. Having members on security@ OO.o has not yet been established. It is also proposed to stabilize custodianship of security@ OO.o using Apache hosting. That will require ensuring that treatment of all participants on security@ shall be even-handed and professional, and demonstrating that Apache can be counted on for that. If that is a matter that the Board might wish to be aware of, it might be said more succinctly. Also, I would recommend that, because the start-up of something so challenging as AOOo is so daunting, and the fact that IP clearance work is ongoing, that the OpenOffice.org podling be kept on monthly reporting for the quarterly reporting cycle the podling is now in. - Dennis -----Original Message----- From: Ross Gardler [mailto:[email protected]] Sent: Wednesday, October 12, 2011 06:05 To: [email protected] Subject: Re: PMC report for October 2011 On 12 October 2011 13:51, Rob Weir <[email protected]> wrote: > On Wed, Oct 12, 2011 at 6:34 AM, Ross Gardler > <[email protected]> wrote: >> Before I sign off I'd like to see the report address external >> communications explicitly. >> >> The project has a real problem right now with asserting itself as the >> OpenOffice.org project and defining how it will interact with >> downstream projects. Is the community going to take ownership of this? >> >> It would be nice to see a statement from the PPMC making it explicit >> what they wish to tackle and, where possible, how. For example, after >> a flurry of discussion about improved security reporting processes and >> collaboration opportunities is the PPMC going to deliver or will this >> just die down and go away? >> > > In that other long thread -- and it is understandable if you missed > this -- I said: I did see your statement, I'm hoping the PPMC will rally behind it in time to be able to put it something like it in the board report and make it official ;-) I didn't comment on your original proposal, as I don't have the time to monitor another mailing list (nor the skills in the case of security issues). Others might be interested in helping, but they won't see it in that thread. > So I'm proposing that a couple Apache members step up to the plate on > this as well. What do you say? If you feel this is important than flag it in the board report. Part of the purpose of the board report is to indicate what the foundation as a whole can do to help the project. It is true that your mentors are here to help realise that, and in this case the board will probably just assume the mentors are helping. However, when you are a top level project that will not be the case. Hence my suggestion that this might be appropriate for your report. It is a community issue that would benefit from the experience we can find at board level. Please note, however, that my request was not solely about security issues, it's also about management of press around the project and its trademarks. If you are not yet ready to make a statement about that then that's fine, but we probably want to think about it in the future. Ross
