On Wed, Oct 12, 2011 at 12:39 PM, Dennis E. Hamilton <dennis.hamil...@acm.org> wrote: > I confess that I am having trouble extracting concrete actionables from > Ross's request. I need to reread the thread from the beginning. > > One thing, off-hand. I believe the commitment is to support mutual security > concerns via security@ OO.o or any successor, not via some special > arrangement with TDF security. On behalf of that, ooo-security@ has become > an observer at security@ OO.o. Having members on security@ OO.o has not yet > been established. It is also proposed to stabilize custodianship of > security@ OO.o using Apache hosting. That will require ensuring that > treatment of all participants on security@ shall be even-handed and > professional, and demonstrating that Apache can be counted on for that. > > If that is a matter that the Board might wish to be aware of, it might be > said more succinctly. > > Also, I would recommend that, because the start-up of something so > challenging as AOOo is so daunting, and the fact that IP clearance work is > ongoing, that the OpenOffice.org podling be kept on monthly reporting for the > quarterly reporting cycle the podling is now in. >
To me that suggests we concentrate on the work that we need to do, and not reports. Can you name one useful thing that we've ever heard back from the ASF Board based on any of our other reports? Why would more frequent reports help us? Not that I'd object, if you're volunteering to write them. > - Dennis > > > > > -----Original Message----- > From: Ross Gardler [mailto:rgard...@opendirective.com] > Sent: Wednesday, October 12, 2011 06:05 > To: ooo-dev@incubator.apache.org > Subject: Re: PMC report for October 2011 > > On 12 October 2011 13:51, Rob Weir <robw...@apache.org> wrote: >> On Wed, Oct 12, 2011 at 6:34 AM, Ross Gardler >> <rgard...@opendirective.com> wrote: >>> Before I sign off I'd like to see the report address external >>> communications explicitly. >>> >>> The project has a real problem right now with asserting itself as the >>> OpenOffice.org project and defining how it will interact with >>> downstream projects. Is the community going to take ownership of this? >>> >>> It would be nice to see a statement from the PPMC making it explicit >>> what they wish to tackle and, where possible, how. For example, after >>> a flurry of discussion about improved security reporting processes and >>> collaboration opportunities is the PPMC going to deliver or will this >>> just die down and go away? >>> >> >> In that other long thread -- and it is understandable if you missed >> this -- I said: > > I did see your statement, I'm hoping the PPMC will rally behind it in > time to be able to put it something like it in the board report and > make it official ;-) > > I didn't comment on your original proposal, as I don't have the time > to monitor another mailing list (nor the skills in the case of > security issues). Others might be interested in helping, but they > won't see it in that thread. > >> So I'm proposing that a couple Apache members step up to the plate on >> this as well. What do you say? > > If you feel this is important than flag it in the board report. Part > of the purpose of the board report is to indicate what the foundation > as a whole can do to help the project. It is true that your mentors > are here to help realise that, and in this case the board will > probably just assume the mentors are helping. However, when you are a > top level project that will not be the case. Hence my suggestion that > this might be appropriate for your report. It is a community issue > that would benefit from the experience we can find at board level. > > Please note, however, that my request was not solely about security > issues, it's also about management of press around the project and its > trademarks. If you are not yet ready to make a statement about that > then that's fine, but we probably want to think about it in the > future. > > Ross > >
