Andrew, I think part of the confusion is from the discussion leading up to the creation of ooo-security and some related discussion about why securityteam@ was not enough at that time.
Without getting into the he-said,she-said part of it, that seems to be the origin. There was more when the TDF announcement about a CVE came up and securityteam@ was discussed in that context. In the face of that, I think it is essential that there be a trustworthy statement to the effect that none of the things that have not happened will also not happen when ASF has custody. Absent that, this situation continues. Perhaps even despite that. But such an ASF-backed [PPMC] declaration would accomplish a great deal, it seems to me. - Dennis -----Original Message----- From: Andrew Rist [mailto:[email protected]] Sent: Tuesday, October 25, 2011 15:59 To: [email protected] Subject: Re: Neutral / shared security list ... I will drop off this thread after this post, as it seems that things are working toward a solution. I would suggest though that it is rather frustrating to see all of this ink and blood spilt over what seems to be a misunderstanding. --continued inline -- On 10/25/2011 3:40 PM, Florian Effenberger wrote: > Hi, > > Andrew Rist wrote on 2011-10-26 00:34: >> I do not understand why this is easier than continuing on the existing >> list. > > when I asked that last time, I heard various replies: > > - You need to be an iCLA signer to be on that list. You don't - you never have. This list has been in existence for several years, and this has not changed. > > - You need to be an Apache contributor to be on that list. You don't - you never have. This list has been in existence for several years, and this has not changed. > > - We have no administrative access to that list. This had not been an issue to date - it seems that this is solvable, and a way to create trust between the communities. I'll add another issue that has been thrown out - people getting thrown off the list or excluded This also has not happened. Thus, it is a bit frustrating to listen to this conversation and the search for a cure to a problem that may not have actually ever existed. </rant> Andrew > > In the meantime, a bunch of other proposals have come in. > > Looking at the history of this issue (Michael outlined it very well), > I think a neutral, trusted ground is the best way to cooperate in this > matter. > > And again, I think everyone benefits the same from my proposal, with > no one overly preferred, and nobody losing anything. It demands the > same from everyone. > > Florian > -- Andrew Rist | Interoperability Architect OracleCorporate Architecture Group Redwood Shores, CA | 650.506.9847
