Rob, Some points and a slight criticism about your style which is to put it mildly an acquired taste.
On Oct 25, 2011, at 8:41 AM, Rob Weir wrote: > On Tue, Oct 25, 2011 at 11:24 AM, Dave Fisher <[email protected]> wrote: >> Hi Michael, >> >> On Oct 25, 2011, at 3:47 AM, Michael Meeks wrote: >> >>> Hi Dave, >>> >>> On Mon, 2011-10-24 at 16:25 -0700, Dave Fisher wrote: >>>> Not sure how much this is like your original proposal, but maybe the >>>> following is acceptable: >>>> >>>> (1) The [email protected] continues. >>> >>> As mentioned, not happy about an openoffice.org domain; LibreOffice is >>> not openoffice.org, that is not really neutral. >> >> Understood. It is a requirement for a neutral address. On our side it is a >> desire for the same address Rob - you've been misquoting Michael about neutral. Here he expressed his view succinctly. I also think you might have finally have made clear about what you mean by "neutrality" in your exchange with Florian. I think you mean a measure of trust, but verify. <snip> >>> >>> So - I am still fairly firmly convinced that this security thing is >>> not >>> going to pan out. Here is my potted history of it: >>> >>> * initial request for continuing the traditional, >>> friendly cross membership of security lists >>> + turned down at AOOoI: Apache Committers only >>> * requests for a neutral list with neutral name turn into: >>> + ASF & openoffice.org -are-neutral-; proof by assertion >>> * more compromise proposals arrive >>> + these have high level ASF governance hard-wired >> >> I can see how you would perceive the history this way. >> >> I think it would help to have a single ML and I think that is more important >> than the address. [email protected] can be made to forward to that >> address if necessary. >> >>> This doesn't make it seem like we're going anywhere productive, which >>> is fine - there is no huge problem with having two separate public >>> facing security lists that can have cross membership on them. >>> >>> Since there is no TDF affiliated admin for the currently suggested, >>> Apache controlled, 'neutral' security list, extracting a membership list >>> of that would be appreciated - so we can mirror it in a suitable other >>> place. >> >> It would be good for the AOOo PPMC to see this list as well. I think that >> the actual membership should be shared in private. Would someone with >> appropriate karma on the OOo MLs please provide this. >> > > -1 to that. Sharing subscriber lists with other organizations is a > violation of trust and violates personal data protection. -1 is anti-social. -1 to your -1. Please stop these -1s. You don't win any friends this way. You drive people away. I had to waste time being annoyed. > However, if someone wants to send a note to securityteam, inviting > members to subscriber to another list, as an opt-in, that would > address those concerns. If the AOOo podling is responsible for the governance of the [email protected] list then it deserves to know who the heck is on the list. If the "PEER" constituents of a shared [email protected] (or whatever list is decided) cannot know the membership of that list then then the project should have zero to do with that list. I know that the situation is not this extreme, but your -1s invite extreme reactions. > > But it would be good to think this through, and see if we can avoid an > infinite regress of mailing lists. We already have ooo-security and > tdf-security and securityteam. Are we really going to create a 4th > one based on one person's irrational distrust of Apache? What if we > create that list and someone else expresses irrational distrust of > that list? (And don't say it could not happen). And then the same > thing with a 5th list? I think it is easier just to work toward a > security list with rational participants on it. We are deciding what to do with [email protected]. Does it continue or is it replaced by another list? We are NOT deciding on 4th or 5th lists. Put those cats back in your hat, they are distractions for a rainy day. (Yes, I learned recursion from Dr. Seuss!) Regards, Dave > > -Rob > >>> I'm also minded to consider the relative grief of endlessly re-hashing >>> this issue vs. actually fixing whatever bugs are found. Can we not just >>> move on. >> >> You suggested: [email protected] >> >> The comment was that this was not an appropriate domain name as not all of >> the "Office Space" is Linux. So, the open question is where the list is >> hosted. >> >> Martin mentions hosting at Team OpenOffice, but that fails your neutrality >> test doesn't it? >> >> Regards, >> Dave >> >> >>> >>> All the best, >>> >>> Michael. >>> >>> -- >>> [email protected] <><, Pseudo Engineer, itinerant idiot >>> >> >>
