Florian, There is one important concern for a community security list: not all neutral locations are created equal, from a security point of view. There is more required for a security list than for an ordinary mailing list, even a supposedly private mailing list.
I don't know what practices TDF offers with regard to such a hosting. That would be more important to me than a neutral domain name. I do have a sense of what ASF offers. (And this is not about the AOOo podling or who is on that project.) For any other contender, the trustworthiness of the site as a location for a security list is important. This is different than the issues of trust that exist with regard to governance and the participation on the security list. It is not a trivial matter. - Dennis -----Original Message----- From: Florian Effenberger [mailto:[email protected]] Sent: Tuesday, October 25, 2011 14:34 To: [email protected] Subject: Re: Neutral / shared security list ... Hello Ian, Ian Lynch wrote on 2011-10-25 19:18: > Well babies are usually made from love and tenderness (unless it's a > mistake) and I don't see too much of that in this approach. At least to get > started why not do it on a neutral list? Florian has made a perfectly > reasonable case for it. Is that so much to give up just to get something > going? In terms of baby making I'd say we need some serious marriage > guidance before even talking about getting in bed together never mind > wrapping anything in latex. thank you for being reasonable and seeing what my proposal intends -- really, that's truly appreciated. Seeing all those proposals coming in -- no list at all, everyone forwards to each other etc. -- simply makes no sense. It creates overhead, it makes things slow, and that just for the sake of not agreeing to a simple proposal, it feels. To sum up my proposal again: If we are on neutral grounds, nobody loses anything, but we all can win. It is not about telling any entity is not trustworthy enough -- it simply is the easiest solution for a topic that has been cooking for weeks now. The easiest solution -- and anyone with common sense should agree -- is to have a shared list on neutral grounds. Not involving ASF, AOOo, TeamOOo, neither TDF, LibO, FrODeV. That is fair to anyone, does not exclude anyone, does not benefit one over the other -- it's easy, simple, and the best way to go. Sure, everyone can create own aliases pointing to that list, but the core is the same, and that's what matters. If you folks now start complaining about we don't trust Apache, we can answer by complaining you don't trust TDF and so on. It's a horrible waste of time, it's lame, it does not help anyone, and it makes me doubt we're talking amongst adults, seriously. And, really, all this crap being tossed around about trustworthiness, upstream, downstream, code similarities and insults is worth not even the digital paper it's written on. I made a simple, plain, and easy proposal. Don't make things overly complicated, folks. Thanks for considering, Florian -- Florian Effenberger <[email protected]> Steering Committee and Founding Member of The Document Foundation Tel: +49 8341 99660880 | Mobile: +49 151 14424108 Skype: floeff | Twitter/Identi.ca: @floeff
