On 25 Oct 2011, at 01:25, Dave Fisher wrote: > Simon, > > Please don't despair!
:-) Thanks, Dave. Encouragement accepted and appreciated. > > I think that Rob is getting ahead of the situation. We need to reach a simple > agreement about this single issue before bringing up other obvious places of > overlap. I think we may really be closer than we think. I hope so. The private feedback I have heard from some of the TDF committers is they read the hostility clearly and have proceeded with starting a list as Michael Meeks proposed. I fear my fence-mending skills may be inadequate at this stage. > Not sure how much this is like your original proposal, Strong similarities :-) My original outline was: --- "* That [email protected] be used as the shared meta-community security contact list for projects deriving their source code from the former Sun-led OpenOffice.org project. The list would be used for any valid meta-community security matter including especially announcement co-ordination. * That the list should be private to list members (and with the consent of the list, to their project's private security list), with mutually agreed confidentiality, and populated only with people known to the majority of the list members as bona-fides security-related developers. * That the list be populated only with the consent of the existing list members (suggested process: a list member proposes a new list member with a brief explanation why they are a good-faith and experienced security developer in the meta-community. Code-modification-style voting takes place. A moderator adds the new member. In the event of mishap, list members may be removed using the same process). * Agreeing who the moderators should be by list-member consensus" --- > but maybe the following is acceptable: > > (1) The [email protected] continues. > > (2) The membership of securityteam ML should be open to individuals and > forks/"downstreams" as selected by the ML membership. > > (3) The securityteam ML moderators are selected from the individual > membership of the securityteam ML. > > (4) The securityteam ML is nominally under the governance of the ASF - either > the AOOo podling PPMC, the Apache Security Team, or even the Foundation > Board. I think the AOOo podling PPMC should be acceptable, but we can ask the > other entities if that is not is not neutral enough. We may ask the TDF to > neutrally host some component and it would make sense for each entity to > trust the neutrality of the other entity (Rob's real point). > > (5) No iCLAs are required. > > (6) A set point for membership is determined when at least AOOo, TDF, and any > other OOo fork/"downstreams" who might appear within a reasonably short time > period. The deadline would need to be agreed. > > (7) The [email protected] ML will be hosted by the ASF when the MX > for openoffice.org is moved to ASF Infrastructure. I do think some sort of "mission statement" along the lines I suggested would be helpful. I think you hit most of the practical points, apart from some nuancing (AOOo and LO really are peer projects at this stage, you know, we need to strenuously avoid any language implying one is in some way hierarchically superior to the other!) > >> I suggest you go to their mailing lists and make your proposals. Maybe you >> can earn TDF membership with your contributions? > > This is a reasonable place to go to ask the TDF to host some component OOo by > the TDF. > > I'm currently curious if LO uses extensions.s.oo.o and templates.s.oo.o? It does at present but there's a replacement in beta-test right now - see http://blog.documentfoundation.org/2011/09/12/libreoffice-launches-extension-and-templates-repository-for-public-beta-test/ S.
