On Oct 25, 2011, at 4:05 PM, Rob Weir wrote: > On Tue, Oct 25, 2011 at 7:01 PM, Dennis E. Hamilton > <[email protected]> wrote: >> Oh, and the most important part: >> >> In want way is the AOOo party to the consensus that is reached? That >> ooo-security (an agent of the PPMC, essentially) will participate in the >> described community arrangement if established? Something else? >> > > It would be good to also include in the proposal how IP will be > treated. By my reading of the iCLA this would not be covered, since > it is not an Apache list. We'd need to make some other agreement, > take it to legal-discuss, etc.
I'm not so sure. ooo-security is responsible for assuring that security fixes for AOOo are AL2 compatible. If the shared security group is not producing compatible IP in response to a security threat that is a different problem. If it happens often then ooo-security will need to discuss this with ooo-private. We can make it a mission statement of this group to help all the peers produce fixes that are compatible with their licenses. I don't think we can guarantee all individuals on the team will be able to always do so. Requiring such an affirmation is clearly a blocker for some individual's participation. Regards, Dave > >> I think that would be essential to bringing this to a successful conclusion. >> >> -----Original Message----- >> From: Dennis E. Hamilton [mailto:[email protected]] >> Sent: Tuesday, October 25, 2011 15:45 >> To: '[email protected]' >> Cc: 'Dave Fisher' >> Subject: RE: [proposal] Neutral / shared security list ... >> >> Dave, if you are going to do that, just relabeling a thread is not helpful. >> >> Please compose a specific concrete proposal under a [DISCUSS], and announce >> the duration and end-time for a lazy consensus at the top. >> >> Give it at least 3 full 24-hour calendar days. >> >> I don't have any sense that there is alignment yet, but there may be in that >> time and I am happy to be mistaken. Then at the end, if there is a >> consensus, please report what it is. >> >> - Dennis >> >> -----Original Message----- >> From: Dave Fisher [mailto:[email protected]] >> Sent: Tuesday, October 25, 2011 15:35 >> To: [email protected] >> Cc: [email protected] >> Subject: Re: [proposal] Neutral / shared security list ... >> >> Hi - >> >> Sorry to reply to myself. >> >> Even though there are choices in this email. Please view it as a proposal. >> Where we are seeking lazy consensus. >> >> On Oct 25, 2011, at 3:26 PM, Dave Fisher wrote: >> >>> On Oct 25, 2011, at 3:18 PM, Simon Phipps wrote: >>> >>>> On Wed, Oct 26, 2011 at 12:04 AM, Dave Fisher <[email protected]> >>>> wrote: >>>> >>>>> >>>>> Agreed. We need to pick a neutral domain name. office-security.org is >>>>> apparently free. >>>>> >>>>> Some institution needs to buy domain registration. I've been the volunteer >>>>> registrar for a social groups domain, it is a pain to transition. This >>>>> needs >>>>> to be an institution, it could be Team OOo? >>>>> >>>> >>>> I think they are too close to the matter. SPI exists specifically to hold >>>> assets in trust - perhaps they would hold the registration for us all? If >>>> we agree I'd be happy to volunteer to contact them. >>>> >>>> It's also possible we could ask OSI to do it - Jim Jagielski and I are both >>>> on the Board at present. >>> >>> These are both interesting ideas. >> >> The proposal is to pick a domain and get registration Simon volunteers to >> help. >> >> >>> >>>> >>>> >>>>> >>>>> An ISP for hosting the private ML needs to be selected. Dennis suggests >>>>> that the ASF could be that ISP for free. >>> >>> <slight snip/> >>> >>> And: >>> >>> <insert> >>> >>> On Oct 25, 2011, at 2:51 PM, Florian Effenberger wrote: >>> >>> <snip/> >>> >>>> >>>> If we basically agree that such a list as outlined by me is a way to go, I >>>> am happy to ask a friend of mine who has a very good reputation in being a >>>> mail server, mailing list and security expert, with a very good track >>>> record, including all sorts of certifications. He is offering e-mail >>>> services as business. >>>> >>>> I just don't want to spread the name publically without asking him first, >>>> and I don't want to ask him, before we have some common understanding. :-) >>>> >>> >>> >>> </insert> >> >> The proposal is for the exiting securityteam to choose, the above are two >> possibilities. >> >> >>> >>> >>>>> >>>>> [email protected] is migrated to whatever the new list is, and those >>>>> people start administrating. >>>>> >>>>> I think it is very important for the public to know who all of the >>>>> projects >>>>> are on the shared ML. >> >> I propose that this shared security team provide a list of participating >> peers to the public. >> >>>>> >>>>> Are we done already :-) >>> >>> Let's let the world revolve to see if we have some Consensus. >> >> Revolve 3x or 72 hours. >> >> Regards, >> Dave >> >>> >>> Regards, >>> Dave >>> >>>>> >>>>> Regards, >>>>> Dave >>>>> >>>>>> >>>>>> That is fair to anyone, does not exclude anyone, does not benefit one >>>>>> over the other -- it's easy, simple, and the best way to go. Sure, >>>>>> everyone can create own aliases pointing to that list, but the core is >>>>>> the same, and that's what matters. >>>>>> >>>>>> If you folks now start complaining about we don't trust Apache, we can >>>>>> answer by complaining you don't trust TDF and so on. It's a horrible >>>>>> waste of time, it's lame, it does not help anyone, and it makes me doubt >>>>>> we're talking amongst adults, seriously. >>>>>> >>>>>> And, really, all this crap being tossed around about trustworthiness, >>>>>> upstream, downstream, code similarities and insults is worth not even >>>>>> the digital paper it's written on. >>>>>> >>>>>> I made a simple, plain, and easy proposal. Don't make things overly >>>>>> complicated, folks. >>>>>> >>>>>> Thanks for considering, >>>>>> Florian >>>>>> >>>>>> -- >>>>>> Florian Effenberger <[email protected]> >>>>>> Steering Committee and Founding Member of The Document Foundation >>>>>> Tel: +49 8341 99660880 | Mobile: +49 151 14424108 >>>>>> Skype: floeff | Twitter/Identi.ca: @floeff >>>>>> >>>>> >>>>> >>>> >>>> >>>> -- >>>> Simon Phipps >>>> +1 415 683 7660 : www.webmink.com >>> >> >>
