On Oct 25, 2011, at 10:55 AM, Michael Meeks wrote: > > On Tue, 2011-10-25 at 10:22 -0700, Dave Fisher wrote: >> You are welcome! I'm looking for common ground and I am trying to listen to >> logic. > > :-) > >>> So where does that leave us ? one approach that hasn't been discussed >>> (and is perhaps a good compromise) - is for me to go ahead and setup the >>> list @freedesktop, and for you guys to advertise the @ooo alias on your >>> pages, and us to advertise the freedesktop one on ours. > .. >>> What do you think ? >> >> I think we are getting somewhere. The last detail is which is the real ML >> and which is the forwarder. While the AOOo project might prefer to have > > Fair point - for ultra-fairness we should perhaps publish two > forwarding addresses - securityteam@oo.o and securityteam@tdf one each, > both pointing at the neutrally hosted list.
This leads to an interesting approach that can be taken by any peer. (1) There is a neutrally hosted Security ML for all Peers. Individuals are signed up representing one or more peers. The individuals are private. The peers are public. LO, AOOo, ODF Toolkit, RedOffice, Lotus Symphony, ... (2) Each peer project can maintain their own private security list. (3) Each peer project has an email forwarder that forwards email to (1) and optionally (2). (4) Each peer project should have a security page with links to any private security list and when to use the neutrally hosted / shared list. Having a public list of the peers on the shared list is essential to properly informing the user where they are sending their security report. If the peer list included links to each peer's security web page that would be helpful. A neutral domain name like "office-security.org" would be registered. Perhaps Team OpenOffice can help by buying the domain and setting up Mailing list hosting. I suspect that hosting details can be discussed among the securityteam@oo.o members. Regards, Dave