On Wed, Oct 12, 2011 at 1:28 PM, Dave Fisher <[email protected]> wrote:
> > On Oct 12, 2011, at 10:18 AM, Rob Weir wrote: > > > On Wed, Oct 12, 2011 at 1:09 PM, Dave Fisher <[email protected]> > wrote: > >> Rob, > >> > >> On Oct 12, 2011, at 9:34 AM, Rob Weir wrote: > >> > >>> On Wed, Oct 12, 2011 at 11:48 AM, Dave Fisher <[email protected]> > wrote: > >>> > >>> <snip> > >>> > >>>> I think that "we" as the AOOo PPMC will need to find one or more PPMC > members to fulfill certain external roles. > >> > >> > >> I am emphasizing EXTERNALLY facing roles. These people would generally > be people with the talent of handling sensitive issues in a delicate and > appropriate manner on the list when they arise seemingly out of place. > Knowing that there are volunteers available will help the rest of us focus > on code or migration. > >> > >> > >>>> > >>>> Perhaps these roles are: > >>>> > >>>> (1) Public face of Security for AOOo. > >>>> > >>> > >>> Work on handling security reports occurs on a private list, > >>> ooo-security. It is not visible publicly, or even to the PPMC in > >>> general. Where there needs to be a public communication, for example, > >>> to report a vulnerability, it comes from members of ooo-security. > >>> This is all per the recommended process from Apache Security [1]. The > >>> PPMC is welcome to debate and adopt contract guidelines, but I would > >>> not recommend it. > >>> > >>> The members of the ooo-security list are stated on our FAQ page [2] > >>> > >>> So I think that part is already covered. > >> > >> Given what just happened with LO, we made improvements. But I think that > some member of ooo-security needs to be watching for security related > questions as they appear on ooo-dev and ooo-users. You and Dennis are very > vocal across the whole spectrum of AOOo issues. I think that there needs to > be someone we all know is on top of security and can publicly contact. > >> > >> The rest of us. Me, you, or whoever should refrain from answering such > questions (or answer with deferment and deference). This public facing > person could generally speak for the group. > >> > >>>> (2) Liaison with the TDF. > >>>> > >>> > >>> Ideally, someone who is already both a PPMC member and a TDF member. > >>> We have several. "Half liaisons" (someone who is a member of one > >>> organization but not the other) don't work quite as well. > >> > >> Half or full is not really the issue. Diplomatic and measured response > that can both speak for the group and know when to defer back to the podling > is important. To me a non-TDF member might be better. > >> > >>>> (3) Press Liaison. > >>>> > >>> > >>> As a podling we're a bit limited here, per Podling guidelines [3], but > >>> there is certainly some scope for doing good work here, if someone > >>> wants to volunteer. > >> > >> Someone should be looking out at the real world and letting us know > what's being said about AOOo and then striving to correct the record. This > needs to be someone on the PPMC. The person is this role would work with > [email protected]. They would establish relationships, etc. > >> > > > > I don't think it works that way. I wish it did, but it doesn't. > > > > What we've seen is this: > > > > 1) Reporters are either monitoring this list, or more likely being > > tipped off by someone, pointing them to threads where there is juicy > > stuff. > > > > 2) The write an article, quoting participants on this list. They are > > not picky. They'll quote members and non-members alike, me, Dennis, > > Simony, whoever. > > > > 3) They then publish their article. They never post a note to the > > list, send a note to Press@, ask who our press liaison is. They are > > getting 50 bucks to write an article in 45 minutes, and that is what > > they do. > > > > That is how it works. If we want to change that, having a designated > > person is not enough, unless that person actually does the preemptive > > outreach. If we wait for negative stories to be published we're too > > late. > > Well it looks like a tough job. You do bring up one main benefit of a press > liaison "preemptive outreach." > > We need someone explicitly building the relationships, becoming someone > that the press will know to ask when they want clarification before they > publish something negative or just plain wrong. > > I will volunteer to tackle this in concert with [email protected], and Sally Khudairi, VP Publicity, ASF. Now where is that teflon suit? /don > Regards, > Dave > > > > > > >>> > >>>> (4) Brand Manager / Cat Herder. > >>>> > >>> > >>> You see those as the same thing? We've had a couple requests for > >>> permission to use the OOo trademark and logo. We handled those > >>> requests well, I thought. I don't think there is a volume of such > >>> requests that would suggest we need a person dedicated to that. > >> > >> This is more about herding of wiki, BZ, blogs, fora, and websites to > have proper branding. Looking out for the OOo and AOOo brand in the wild. It > is cat herding because each of these exist in both the legacy OOo site and > in various stages of migration. > >> > >> > >>> > >>> > >>>> With people in these roles who are active then perhaps the rest of us > can defer immediate responses to questions in these areas when they occur on > ooo-dev. With slight formality we might be able to stop the periodic and > damaging flames of misunderstanding. > >>>> > >>> > >>> Other areas where we could use some volunteer leadership: > >>> > >>> 5) wiki master > >>> > >>> 6) bugzilla master > >>> > >>> 7) web master > >> > >> These are more obvious roles that are as much internal to the project as > external. Never-the-less these are roles. > >> > >> (8) User Forum sys admins - supplementing the current proposal with > individuals like perhaps Drew. > >> > >> On Oct 12, 2011, at 9:50 AM, Donald Whytock wrote: > >> > >>> On Wed, Oct 12, 2011 at 12:34 PM, Rob Weir <[email protected]> wrote: > >>>> Other areas where we could use some volunteer leadership: > >>>> > >>> < snip > > >> > >> > >>> IP master? Coordinating the re-licensing process, looking at external > >>> packages linked to, and being the go-to for future contributions? > >> > >> Sure - > >> > >> (9) Legal Maven. Clearing Terms of Use with Apache legal, checking > NOTICE and LICENSE, requesting authors relicense source, etc. > >> > >> Regards, > >> Dave > >> > >>> > >>> Don > >> > >> > >>> > >>> > >>> [1] http://www.apache.org/security/committers.html > >>> [2] http://incubator.apache.org/openofficeorg/ppmc-faqs.html > >>> [3] http://incubator.apache.org/guides/branding.html > >> > >> > >
