On Thu, Apr 12, 2012 at 9:36 AM, Ross Gardler <rgard...@opendirective.com> wrote: > On 12 April 2012 09:27, Ross Gardler <rgard...@opendirective.com> wrote: >> On 12 April 2012 08:59, ant elder <ant.el...@gmail.com> wrote: >>> On Thu, Apr 12, 2012 at 8:37 AM, Ross Gardler >>> <rgard...@opendirective.com> wrote: >>>> On 12 April 2012 07:48, Dave Fisher <dave2w...@comcast.net> wrote: >>>> >>>> ... >>>> >>>>> Sorry, I can't remain mute, but I offended anyone, sorry, but this was >>>>> wrongly done. I don't know a better way.... >>>> >>>> As one of the "inner circle" I am not offended. All your points are >>>> valid. Thank you for sharing them. >>>> >>>> This was the first and, in all likelihood the last time such an >>>> unusual circumstance will arise. There is no right or wrong way of >>>> handling these things. >>>> >>>> Had we included x then y would have felt excluded, this is what we are >>>> seeing here. However, the line must be drawn somewhere. >>>> >>> >>> Surely at the ASF the line is at PMC membership. If only a subset of >>> the PPMC is trusted enough to be part of some inner circle then the >>> PPMC should be disbanded and reformed from just that inner circle. >> >> This is a podling with a very unusual history. it is not as simple as >> that. However, your general observation is a valid one. The time for >> addressing this is during incubation when it becomes possible to >> determine who is contributing positively to the running of the PPMC. > > I should also point out that the perception that information was kept > to a limited group implies mistrust of PPMC members is *false*. The > PPMC have an appointed security team just as many top level PMCs do > that team is tasked with handling security issues and it did so in > this case. > > As has been noted, this was *not* an ASF release, only one > *facilitated* by the ASF in the interests of supporting legacy users > of a project that has come to incubation. It is a very unusual > situation to which normal ASF policy does not apply. Handling it > outside normal ASF processes does not imply a problem with those > processes or the PPMC. > > Ross >
Ross, I'm not trying to stick an oar in or anything and i don't know the details of what was done other than whats in this thread here, it just seems odd to me and it seems like there is some acknowledgement that this wasn't done perfectly so we the Incubator PMC should understand what happened. Sure there are other security teams but AFAIK they operate in conjunction with PMCs and keep PMCs in the loop that something is going on just withholding precise details of the vulnerability. ...ant --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
