On Wed, Nov 30, 2011 at 7:41 AM, Christian Lohmaier <[email protected]> wrote: > Hi Rob, > > On Wed, Nov 30, 2011 at 1:13 PM, Rob Weir <[email protected]> wrote: >> On Tue, Nov 29, 2011 at 11:45 AM, Pedro Giffuni <[email protected]> wrote: >>> Hello guys; >>> >>> --- On Tue, 11/29/11, Dave Fisher <[email protected]> wrote: >>> >>>> Hi Michael, >>>> >>>> While some might have hoped for another proposal and >>>> discussion prior to action, thank you for going ahead where >>>> there was clearly no consensus for specific action on the >>>> AOO side. >>>> >>> >>> As I see it, this list is not official. The AOO PPMC has no >>> influence whatever over it, but that is precisely the type >>> of "neutrality" the involved actors wanted. >>> >> >> Remember, we had a securityteam mailing list already. LO folks were >> subscribed to it. We (the AOO security team) have been working >> closely with them on reported security issues. This included analysis >> and sharing of patches. (Yes, Apache and LO members shared patches). >> So among the people actually involved in the security reporting and >> resolution process, we had a system that worked. > > You-are-kidding-me. > > The whole thing was stirred up because you (Apache-OOo) claimed you > would not know anything about the vulnerabilities that were fixed in > LO. > Starting with this: > http://mail-archives.apache.org/mod_mbox/incubator-ooo-dev/201110.mbox/%3cae2e5b53-710b-4ed4-81b7-f5c386281...@zimbra60-e10.priv.proxad.net%3E > > and lots and lots of messages that did follow. > > So it was not working since there was apparently lack of communication > on ApacheOOoI's end. >
And that was fixed quite some time ago, by subscribing ooo-security to the securityteam list. The collaboration between AOO and LO security experts that I was speaking about has taken place since that, even since that initial thread. So it was working, except in the minds of those who refused to give it a try. >> But this did not seem to please Michael and Simon, people who were not >> part of this process. To their outside and highly political view, it >> was not neutral enough. So they unilaterally pushed through another >> list. > > You're making a dick of yourself. Some decorum on the list, please, or remove yourself. > The security-list topic has been discussed at length spanning multiple > weeks. Stop acting so surprised about it and especially don't deny > that the discussion took place. This is ridiculous. > No one is acting surprised or claim that there was not a discussion. > That being said: Yes, apache-camp did disagree about the definition of > "neutral" - TDF/LO's view is: A list carrying the trademark of one of > the products is not neutral. No matter how nice its management is > done. The email-address where people should report issues carries a > clear stamp, and is therefore not neutral. > >> The status quo was working and no counter proposal had consensus. > > No - it was not working, and the same way you do argument, Michael can > argument with "lazy consensus" that is quoted so conveniently. > Michael is not a committer on this project. He cannot claim lazy consensus. >> Maybe some disagree and were unhappy that their personal preferences >> did not get universal acclamation, but *how* we decide these questions >> is as important as *what* we decide. This was a very poor example >> of decision making. In fact I would not call it community decision >> making at all. It was just Michael acting alone. > > That is your personal crusade against Michael Meeks/SuSE. Keep that > stuff out of it. Seriously. You're really making a kindergarten out of > it. > I sorry you think that way. I really care a lot about unbiased neutral views like yours. -Rob > ciao > Christian
