Rob, On Oct 12, 2011, at 9:34 AM, Rob Weir wrote:
> On Wed, Oct 12, 2011 at 11:48 AM, Dave Fisher <[email protected]> wrote: > > <snip> > >> I think that "we" as the AOOo PPMC will need to find one or more PPMC >> members to fulfill certain external roles. I am emphasizing EXTERNALLY facing roles. These people would generally be people with the talent of handling sensitive issues in a delicate and appropriate manner on the list when they arise seemingly out of place. Knowing that there are volunteers available will help the rest of us focus on code or migration. >> >> Perhaps these roles are: >> >> (1) Public face of Security for AOOo. >> > > Work on handling security reports occurs on a private list, > ooo-security. It is not visible publicly, or even to the PPMC in > general. Where there needs to be a public communication, for example, > to report a vulnerability, it comes from members of ooo-security. > This is all per the recommended process from Apache Security [1]. The > PPMC is welcome to debate and adopt contract guidelines, but I would > not recommend it. > > The members of the ooo-security list are stated on our FAQ page [2] > > So I think that part is already covered. Given what just happened with LO, we made improvements. But I think that some member of ooo-security needs to be watching for security related questions as they appear on ooo-dev and ooo-users. You and Dennis are very vocal across the whole spectrum of AOOo issues. I think that there needs to be someone we all know is on top of security and can publicly contact. The rest of us. Me, you, or whoever should refrain from answering such questions (or answer with deferment and deference). This public facing person could generally speak for the group. >> (2) Liaison with the TDF. >> > > Ideally, someone who is already both a PPMC member and a TDF member. > We have several. "Half liaisons" (someone who is a member of one > organization but not the other) don't work quite as well. Half or full is not really the issue. Diplomatic and measured response that can both speak for the group and know when to defer back to the podling is important. To me a non-TDF member might be better. >> (3) Press Liaison. >> > > As a podling we're a bit limited here, per Podling guidelines [3], but > there is certainly some scope for doing good work here, if someone > wants to volunteer. Someone should be looking out at the real world and letting us know what's being said about AOOo and then striving to correct the record. This needs to be someone on the PPMC. The person is this role would work with [email protected]. They would establish relationships, etc. > >> (4) Brand Manager / Cat Herder. >> > > You see those as the same thing? We've had a couple requests for > permission to use the OOo trademark and logo. We handled those > requests well, I thought. I don't think there is a volume of such > requests that would suggest we need a person dedicated to that. This is more about herding of wiki, BZ, blogs, fora, and websites to have proper branding. Looking out for the OOo and AOOo brand in the wild. It is cat herding because each of these exist in both the legacy OOo site and in various stages of migration. > > >> With people in these roles who are active then perhaps the rest of us can >> defer immediate responses to questions in these areas when they occur on >> ooo-dev. With slight formality we might be able to stop the periodic and >> damaging flames of misunderstanding. >> > > Other areas where we could use some volunteer leadership: > > 5) wiki master > > 6) bugzilla master > > 7) web master These are more obvious roles that are as much internal to the project as external. Never-the-less these are roles. (8) User Forum sys admins - supplementing the current proposal with individuals like perhaps Drew. On Oct 12, 2011, at 9:50 AM, Donald Whytock wrote: > On Wed, Oct 12, 2011 at 12:34 PM, Rob Weir <[email protected]> wrote: >> Other areas where we could use some volunteer leadership: >> > < snip > > IP master? Coordinating the re-licensing process, looking at external > packages linked to, and being the go-to for future contributions? Sure - (9) Legal Maven. Clearing Terms of Use with Apache legal, checking NOTICE and LICENSE, requesting authors relicense source, etc. Regards, Dave > > Don > > > [1] http://www.apache.org/security/committers.html > [2] http://incubator.apache.org/openofficeorg/ppmc-faqs.html > [3] http://incubator.apache.org/guides/branding.html
