I also have to say - similar to what Dennis said - that if we're making a specific proposal for ways to address security concerns, it absolutely needs to be in a new thread, with a clear title and a clear and detailed proposal.

There are far too many threads going on for enough people in the PPMC to be able to have a good understanding of all of them.

Also, 72 hours is the minimum for seeking lazy consensus. For something as important as security, I might suggest giving it a longer time.

- Shane

On 10/25/2011 6:44 PM, Dennis E. Hamilton wrote:
Dave, if you are going to do that, just relabeling a thread is not helpful.

Please compose a specific concrete proposal under a [DISCUSS], and announce the 
duration and end-time for a lazy consensus at the top.

Give it at least 3 full 24-hour calendar days.

I don't have any sense that there is alignment yet, but there may be in that 
time and I am happy to be mistaken.  Then at the end, if there is a consensus, 
please report what it is.

  - Dennis

-----Original Message-----
From: Dave Fisher [mailto:dave2w...@comcast.net]
Sent: Tuesday, October 25, 2011 15:35
To: ooo-dev@incubator.apache.org
Cc: flo...@documentfoundation.org
Subject: Re: [proposal] Neutral / shared security list ...

Hi -

Sorry to reply to myself.

Even though there are choices in this email, please view it as a proposal
where we are seeking lazy consensus.

On Oct 25, 2011, at 3:26 PM, Dave Fisher wrote:

On Oct 25, 2011, at 3:18 PM, Simon Phipps wrote:

On Wed, Oct 26, 2011 at 12:04 AM, Dave Fisher <dave2w...@comcast.net> wrote:


Agreed. We need to pick a neutral domain name. office-security.org is
apparently free.

Some institution needs to buy domain registration. I've been the volunteer
registrar for a social group's domain, it is a pain to transition. This needs
to be an institution, it could be Team OOo?


I think they are too close to the matter.  SPI exists specifically to hold
assets in trust - perhaps they would hold the registration for us all?  If
we agree I'd be happy to volunteer to contact them.

It's also possible we could ask OSI to do it - Jim Jagielski and I are both
on the Board at present.

These are both interesting ideas.

The proposal is to pick a domain and get registration. Simon volunteers to help.






An ISP for hosting the private ML needs to be selected. Dennis suggests
that the ASF could be that ISP for free.

<slight snip/>

And:

<insert>

On Oct 25, 2011, at 2:51 PM, Florian Effenberger wrote:

<snip/>


If we basically agree that such a list as outlined by me is a way to go, I am 
happy to ask a friend of mine who has a very good reputation in being a mail 
server, mailing list and security expert, with a very good track record, 
including all sorts of certifications. He is offering e-mail services as 
business.

I just don't want to spread the name publicly without asking him first, and I
don't want to ask him, before we have some common understanding. :-)



</insert>

The proposal is for the existing securityteam to choose, the above are two
possibilities.





securityteam@oo.o is migrated to whatever the new list is, and those
people start administrating.

I think it is very important for the public to know who all of the projects
are on the shared ML.

I propose that this shared security team provide a list of participating peers 
to the public.


Are we done already :-)

Let's let the world revolve to see if we have some Consensus.

Revolve 3x or 72 hours.

Regards,
Dave


Regards,
Dave


Regards,
Dave


That is fair to anyone, does not exclude anyone, does not benefit one
over the other -- it's easy, simple, and the best way to go. Sure,
everyone can create own aliases pointing to that list, but the core is
the same, and that's what matters.

If you folks now start complaining about we don't trust Apache, we can
answer by complaining you don't trust TDF and so on. It's a horrible
waste of time, it's lame, it does not help anyone, and it makes me doubt
we're talking amongst adults, seriously.

And, really, all this crap being tossed around about trustworthiness,
upstream, downstream, code similarities and insults is worth not even
the digital paper it's written on.

I made a simple, plain, and easy proposal. Don't make things overly
complicated, folks.

Thanks for considering,
Florian

--
Florian Effenberger <flo...@documentfoundation.org>
Steering Committee and Founding Member of The Document Foundation
Tel: +49 8341 99660880 | Mobile: +49 151 14424108
Skype: floeff | Twitter/Identi.ca: @floeff





--
Simon Phipps
+1 415 683 7660 : www.webmink.com

