On Oct 25, 2011, at 4:01 PM, Dennis E. Hamilton wrote: > Oh, and the most important part: > > In want way is the AOOo party to the consensus that is reached? That > ooo-security (an agent of the PPMC, essentially) will participate in the > described community arrangement if established? Something else?
The assumption is that whoever we have on ooo-security that is on securityteam@oo.o will be the PPMC's agent on securityteam@oo.o and its neutral successor. Should securityteam@oo.o suddenly be acceptable then the plan is simplified. > > I think that would be essential to bringing this to a successful conclusion. Yes. Regards, Dave > > -----Original Message----- > From: Dennis E. Hamilton [mailto:dennis.hamil...@acm.org] > Sent: Tuesday, October 25, 2011 15:45 > To: 'ooo-dev@incubator.apache.org' > Cc: 'Dave Fisher' > Subject: RE: [proposal] Neutral / shared security list ... > > Dave, if you are going to do that, just relabeling a thread is not helpful. > > Please compose a specific concrete proposal under a [DISCUSS], and announce > the duration and end-time for a lazy consensus at the top. > > Give it at least 3 full 24-hour calendar days. > > I don't have any sense that there is alignment yet, but there may be in that > time and I am happy to be mistaken. Then at the end, if there is a > consensus, please report what it is. > > - Dennis > > -----Original Message----- > From: Dave Fisher [mailto:dave2w...@comcast.net] > Sent: Tuesday, October 25, 2011 15:35 > To: ooo-dev@incubator.apache.org > Cc: flo...@documentfoundation.org > Subject: Re: [proposal] Neutral / shared security list ... > > Hi - > > Sorry to reply to myself. > > Even though there are choices in this email. Please view it as a proposal. > Where we are seeking lazy consensus. > > On Oct 25, 2011, at 3:26 PM, Dave Fisher wrote: > >> On Oct 25, 2011, at 3:18 PM, Simon Phipps wrote: >> >>> On Wed, Oct 26, 2011 at 12:04 AM, Dave Fisher <dave2w...@comcast.net> wrote: >>> >>>> >>>> Agreed. We need to pick a neutral domain name. office-security.org is >>>> apparently free. >>>> >>>> Some institution needs to buy domain registration. I've been the volunteer >>>> registrar for a social groups domain, it is a pain to transition. This >>>> needs >>>> to be an institution, it could be Team OOo? >>>> >>> >>> I think they are too close to the matter. SPI exists specifically to hold >>> assets in trust - perhaps they would hold the registration for us all? If >>> we agree I'd be happy to volunteer to contact them. >>> >>> It's also possible we could ask OSI to do it - Jim Jagielski and I are both >>> on the Board at present. >> >> These are both interesting ideas. > > The proposal is to pick a domain and get registration Simon volunteers to > help. > > >> >>> >>> >>>> >>>> An ISP for hosting the private ML needs to be selected. Dennis suggests >>>> that the ASF could be that ISP for free. >> >> <slight snip/> >> >> And: >> >> <insert> >> >> On Oct 25, 2011, at 2:51 PM, Florian Effenberger wrote: >> >> <snip/> >> >>> >>> If we basically agree that such a list as outlined by me is a way to go, I >>> am happy to ask a friend of mine who has a very good reputation in being a >>> mail server, mailing list and security expert, with a very good track >>> record, including all sorts of certifications. He is offering e-mail >>> services as business. >>> >>> I just don't want to spread the name publically without asking him first, >>> and I don't want to ask him, before we have some common understanding. :-) >>> >> >> >> </insert> > > The proposal is for the exiting securityteam to choose, the above are two > possibilities. > > >> >> >>>> >>>> securityteam@oo.o is migrated to whatever the new list is, and those >>>> people start administrating. >>>> >>>> I think it is very important for the public to know who all of the projects >>>> are on the shared ML. > > I propose that this shared security team provide a list of participating > peers to the public. > >>>> >>>> Are we done already :-) >> >> Let's let the world revolve to see if we have some Consensus. > > Revolve 3x or 72 hours. > > Regards, > Dave > >> >> Regards, >> Dave >> >>>> >>>> Regards, >>>> Dave >>>> >>>>> >>>>> That is fair to anyone, does not exclude anyone, does not benefit one >>>>> over the other -- it's easy, simple, and the best way to go. Sure, >>>>> everyone can create own aliases pointing to that list, but the core is >>>>> the same, and that's what matters. >>>>> >>>>> If you folks now start complaining about we don't trust Apache, we can >>>>> answer by complaining you don't trust TDF and so on. It's a horrible >>>>> waste of time, it's lame, it does not help anyone, and it makes me doubt >>>>> we're talking amongst adults, seriously. >>>>> >>>>> And, really, all this crap being tossed around about trustworthiness, >>>>> upstream, downstream, code similarities and insults is worth not even >>>>> the digital paper it's written on. >>>>> >>>>> I made a simple, plain, and easy proposal. Don't make things overly >>>>> complicated, folks. >>>>> >>>>> Thanks for considering, >>>>> Florian >>>>> >>>>> -- >>>>> Florian Effenberger <flo...@documentfoundation.org> >>>>> Steering Committee and Founding Member of The Document Foundation >>>>> Tel: +49 8341 99660880 | Mobile: +49 151 14424108 >>>>> Skype: floeff | Twitter/Identi.ca: @floeff >>>>> >>>> >>>> >>> >>> >>> -- >>> Simon Phipps >>> +1 415 683 7660 : www.webmink.com >> >