Malte Timmermann wrote:
Hi,
security is a really important topic, and it should get better
visibility/attention on OOo.
...
I thought it would be a good idea to start a security project, which
could take care for security and privacy related things long term.
I would like to ask all of you to support and to vote for this new
project, as proposed below.
+1
----------------------------------
MISSION STATEMENT
The goal of the security project is to work on security and privacy
related improvements and features in OpenOffice.org.
Solutions need to be analyzed and discussed in a wider audience, before
implementations in OpenOffice.org start.
PROJECT PROPOSAL
Members of the security project will help improving OpenOffice.org
security and privacy by identifying possible security and privacy issues
and by elaborating solutions.
This includes general topics like encryption, password handling, digital
signatures and certificate handling.
The solution won't necessarily be implemented by members of the security
team. Members of the project have some skills in the area of security
and privacy, but don't necessarily need to be very familiar with the
OpenOffice.org code base.
The Security Project should also work on security and privacy issues
with regard to the OpenOffice.org web site.
Yes - That would make sense, IMO.
This project supplements the efforts of the OpenOffice.org security team
and will not supersede it. Undisclosed security vulnerabilities will
still be handled by the security team alone, as well as the security
bulletins and alerts, because such information can not be disclosed in
advance to members of a project where everybody can join.
However, I am not certain about this decision to not move the current
security team into the new project.
Would it not be just as viable a vision that the 'Security Project' have
working groups. The current 'Security team' it seems to me would be a
good example of such a group. The 'team' could still perform functions,
as needed, in this insular mode.
As a long term goal, the security project could do some deeper security
investigations in the existing code base, or elaborate some security
related guidelines for developers.
Again - Why are you making such a point to exclude developers from the
project. It appears to me that the current development staff
(predominantly here I am thinking of the paid staff) work in a matrixed
fashion to a large degree already. (of course I may be totally wrong on
that)
We invite the OpenOffice.org community to join the project and help
us ensure that OpenOffice.org remains safe and reliable for all users.
Best wishes,
Drew
---------------------------------------------------------------------
To unsubscribe, e-mail: discuss-unsubscr...@openoffice.org
For additional commands, e-mail: discuss-h...@openoffice.org
