[patch] add rpm in the archive names
Hi, Under Linux, when we create .deb files, the download archive name contains _deb, avoiding confusion. It was not the case for .rpm rchive type, and lot of people download .rpm and discover later they need .deb. Since I don't know whether we can commit or not, I prefered provide a patch who fixes the problem. You'll find it at : http://ftp.educoo.org/home/ericb/patches/ apache_ooo/add_rpm_in_the_name_aooo.diff It is provided under Apache License, of course. Regards, Eric -- qɔᴉɹə Education Project: http://wiki.services.openoffice.org/wiki/Education_Project Projet OOo4Kids : http://wiki.ooo4kids.org/index.php/Main_Page L'association EducOOo : http://www.educoo.org Blog : http://eric.bachard.org/news
Re: Who wants to build OpenOffice?
Hi Mathias, Le 31 août 11 à 23:48, Mathias Bauer a écrit : OK, my Windows build was successful. Great :-) So obviously the two perl modules that didn't install properly are not needed for a standard build. I had to upgrade my Windows set too, including cygwin, and lot of binaries, but it seems to work now (build in progress). Pavel provided me the info to avoid issue with l10n module, and I used --with-lang=de fr. If nothing goes wrong, the build should end tonight To make the life easier, I created an archive of missing files, that you can find here : http://ftp.educoo.org/home/ericb/patches/apache_ooo/ Here's the configure command line I have used: ./configure \ --with-cl-home=/cygdrive/j/OOO/msvc9p \ --with-mspdb-path=/cygdrive/j/OOO/msvc9p/Common7/IDE \ --with-frame-home=/cygdrive/j/OOO/msvc9p/PlatformSDK/v6.1 \ --with-psdk-home=/cygdrive/j/OOO/msvc9p/PlatformSDK/v6.1 \ --with-midl-path=/cygdrive/j/OOO/msvc9p/PlatformSDK/v6.1/Bin \ --with-asm-home=/cygdrive/j/OOO/msvc9p \ --with-jdk-home=/cygdrive/j/OOO/jdk1.5.0_22 \ --with-csc-path=/cygdrive/j/OOO/msvc9p/SDK/v3.5 \ --with-directx-home=/cygdrive/j/OOO/msvc9p/DirectXSDK \ --with-ant-home=/ant \ --without-junit \ --enable-pch \ --enable-werror \ --with-external-tar=j:/OOO/ext_sources \ --enable-dbgutil I'll try to copy mine on the wiki too. I added --disable-mozilla Do you build mozilla from sources, or do you use pre-built binaries ? You should use all these switches, but IMHO you don't need any others. Of course you must adjust the path names. As you can see, I have installed everything to a special build hard disk and made sure that the install paths don't have blanks. It *shouldn't* be necessary to avoid blanks, but I have learned to avoid them. Being paranoid doesn't mean that they aren't after you... I completely agree : same method here : I got some Program File (Direct X SDK) , but most of the paths are without blanks. --enable-pch speeds up the build by at least 20%. I never used this option. I understand pch as pre-compiled headers (?), but I'm not sure. Can you tell us more please ? Regards, Eric -- qɔᴉɹə Education Project: http://wiki.services.openoffice.org/wiki/Education_Project Projet OOo4Kids : http://wiki.ooo4kids.org/index.php/Main_Page L'association EducOOo : http://www.educoo.org Blog : http://eric.bachard.org/news
Re: Who wants to build OpenOffice?
Build failed in autodoc module: Entering /tmp/apache_oo/ooo/main/autodoc/source/display/html Making:all_display_html.dpobj Compiling: autodoc/source/display/html/aryattrs.cxx Compiling: autodoc/source/display/html/cfrstd.cxx Compiling: autodoc/source/display/html/chd_udk2.cxx /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:413: error: '__true_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:419: error: '__false_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:537: error: '__true_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:544: error: '__false_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:775: error: '__false_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist: In instantiation of '__gnu_cxx::slistcsi::xml::Element*, std::allocatorcsi::xml::Element* ': ../../../source/inc/estack.hxx:43: instantiated from 'EStackcsi::xml::Element*' /tmp/apache_oo/ooo/main/autodoc/source/display/html/easywri.hxx:64: instantiated from here /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:419: error: 'templateclass _InputIterator void __gnu_cxx::slist::_M_assign_dispatch(_InputIterator, _InputIterator, int) [with _InputIterator = _InputIterator, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' cannot be overloaded /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:413: error: with 'templateclass _Integer void __gnu_cxx::slist::_M_assign_dispatch(_Integer, _Integer, int) [with _Integer = _Integer, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:544: error: 'templateclass _InIterator void __gnu_cxx::slist::_M_insert_after_range(__gnu_cxx::_Slist_node_base*, _InIterator, _InIterator, int) [with _InIterator = _InIterator, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' cannot be overloaded /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:537: error: with 'templateclass _Integer void __gnu_cxx::slist::_M_insert_after_range(__gnu_cxx::_Slist_node_base*, _Integer, _Integer, int) [with _Integer = _Integer, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' dmake: Error code 1, while making '../../../unxlngx6.pro/obj/chd_udk2.obj' On 9/1/2011 10:33 AM, Marc-Oliver Straub wrote: RedHat Enterprise Linux 5.6 64-bit, gcc 4.1.2 ./configure --disable-mozilla --without-junit ... checking whether to enable RandR support... checking for XRANDR... no checking X11/extensions/Xrandr.h usability... no checking X11/extensions/Xrandr.h presence... yes configure: WARNING: X11/extensions/Xrandr.h: present but cannot be compiled configure: WARNING: X11/extensions/Xrandr.h: check for missing prerequisite headers? configure: WARNING: X11/extensions/Xrandr.h: see the Autoconf documentation configure: WARNING: X11/extensions/Xrandr.h: section Present But Cannot Be Compiled configure: WARNING: X11/extensions/Xrandr.h: proceeding with the compiler's result checking for X11/extensions/Xrandr.h... no configure: error: X11/extensions/Xrandr.h could not be found. X11 dev missing? Adding --disable-randr to the configure flags succeeds. However, I see the following error in the configure output: The variable COMMON_BUILD_TOOLS is set to: $SRC_ROOT/external/common Use of uninitialized value in string eq at ./set_soenv line 1987. The variable TMPDIRis set to: /tmp Now running bootstrap... On 8/31/2011 8:45 AM, Marc-Oliver Straub wrote: I'm one of those hidden people... Currently I don't have bandwidth to jump into active development, but I'd like to stay up to date. My focus is on the low-level stuff like sal, URE/UDK and IPC bridges including performance. I'm using RedHat Enterprise Linux 5. Bye, Oli On 8/30/2011 9:24 PM, Rob Weir wrote: We're blessed to have experienced OOo hackers on the list who have already jumped on the new code repository and started making improvements. But I see we have 214 people subscribed to the mailing list, including many who were not previously working on OOo code. This is great. Growing the community to bring in new developers is key to the success of the project. Do any of you want to get an AOOo dev environment set up, so you can build OpenOffice? If so, please respond to this note, and state what operating system you are interested in building on. Based on this information, we can have a discussion on how best to get you up to speed, whether via QA on this list, via IRC chat, a phone conference or maybe even a virtual machine image. -Rob
Re: Who wants to build OpenOffice?
On 01.09.2011 10:33, Marc-Oliver Straub wrote: RedHat Enterprise Linux 5.6 64-bit, gcc 4.1.2 ../configure --disable-mozilla --without-junit checking whether to enable RandR support... checking for XRANDR... no checking X11/extensions/Xrandr.h usability... no checking X11/extensions/Xrandr.h presence... yes configure: WARNING: X11/extensions/Xrandr.h: present but cannot be compiled configure: WARNING: X11/extensions/Xrandr.h: check for missing prerequisite headers? configure: WARNING: X11/extensions/Xrandr.h: see the Autoconf documentation configure: WARNING: X11/extensions/Xrandr.h: section Present But Cannot Be Compiled configure: WARNING: X11/extensions/Xrandr.h: proceeding with the compiler's result checking for X11/extensions/Xrandr.h... no configure: error: X11/extensions/Xrandr.h could not be found. X11 dev missing? Adding --disable-randr to the configure flags succeeds. you'd need to look at the config.log to see why it couldn't use the Xrandr.h. perhaps some package is missing that we don't explicitly check for. However, I see the following error in the configure output: The variable COMMON_BUILD_TOOLS is set to: $SRC_ROOT/external/common Use of uninitialized value in string eq at ./set_soenv line 1987. The variable TMPDIRis set to: /tmp seems to be this test: if ( $ENV{TMPDIR} eq ) { ToFile( TMPDIR, /tmp, e ); } else { ToFile( TMPDIR, $ENV{'TMPDIR'}, e ); } perhaps somebody who knows Perl could rewrite this so it doesn't give a spurious warning... -- PCMCIA - People Can't Memorize Computer Industry Acronyms
Re: Who wants to build OpenOffice?
It seems that RHEL5.6 contains a too old version of XRandR: configure:17552: checking whether to link to Xrender configure:17560: result: no, dynamically open it configure:17564: checking which Xrender headers to use configure:17580: result: internal configure:17637: checking whether to enable RandR support configure:17648: checking for XRANDR configure:17655: $PKG_CONFIG --exists --print-errors xrandr = 1.2 Requested 'xrandr = 1.2' but version of Xrandr is 1.1.1 configure:17658: $? = 1 configure:17671: $PKG_CONFIG --exists --print-errors xrandr = 1.2 Requested 'xrandr = 1.2' but version of Xrandr is 1.1.1 configure:17674: $? = 1 configure:17687: result: no Requested 'xrandr = 1.2' but version of Xrandr is 1.1.1 configure:17716: checking X11/extensions/Xrandr.h usability configure:17716: gcc -cconftest.c 5 In file included from conftest.c:56: /usr/include/X11/extensions/Xrandr.h:49: error: expected specifier-qualifier-list before 'Bool' /usr/include/X11/extensions/Xrandr.h:68: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'XRRQueryExtension' /usr/include/X11/extensions/Xrandr.h:69: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'XRRQueryVersion' /usr/include/X11/extensions/Xrandr.h:73: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:85: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'XRRSetScreenConfig' /usr/include/X11/extensions/Xrandr.h:93: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'XRRSetScreenConfigAndRate' /usr/include/X11/extensions/Xrandr.h:104: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'XRRConfigTimes' /usr/include/X11/extensions/Xrandr.h:115: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:126: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:127: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:128: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:136: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:137: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:138: error: expected ')' before '*' token /usr/include/X11/extensions/Xrandr.h:139: error: expected '=', ',', ';', 'asm' or '__attribute__' before 'XRRTimes' /usr/include/X11/extensions/Xrandr.h:147: error: expected ')' before '*' token configure:17716: $? = 1 On 9/1/2011 11:47 AM, Michael Stahl wrote: On 01.09.2011 10:33, Marc-Oliver Straub wrote: RedHat Enterprise Linux 5.6 64-bit, gcc 4.1.2 ../configure --disable-mozilla --without-junit checking whether to enable RandR support... checking for XRANDR... no checking X11/extensions/Xrandr.h usability... no checking X11/extensions/Xrandr.h presence... yes configure: WARNING: X11/extensions/Xrandr.h: present but cannot be compiled configure: WARNING: X11/extensions/Xrandr.h: check for missing prerequisite headers? configure: WARNING: X11/extensions/Xrandr.h: see the Autoconf documentation configure: WARNING: X11/extensions/Xrandr.h: section Present But Cannot Be Compiled configure: WARNING: X11/extensions/Xrandr.h: proceeding with the compiler's result checking for X11/extensions/Xrandr.h... no configure: error: X11/extensions/Xrandr.h could not be found. X11 dev missing? Adding --disable-randr to the configure flags succeeds. you'd need to look at the config.log to see why it couldn't use the Xrandr.h. perhaps some package is missing that we don't explicitly check for. However, I see the following error in the configure output: The variable COMMON_BUILD_TOOLS is set to: $SRC_ROOT/external/common Use of uninitialized value in string eq at ./set_soenv line 1987. The variable TMPDIRis set to: /tmp seems to be this test: if ( $ENV{TMPDIR} eq ) { ToFile( TMPDIR, /tmp, e ); } else { ToFile( TMPDIR, $ENV{'TMPDIR'}, e ); } perhaps somebody who knows Perl could rewrite this so it doesn't give a spurious warning...
Trial upgrade of forums to phpBB v3.0.9 and sync from live
I moved my site directory tree on ooo-forums.apache.org last night. (This is the ~80 files that need to be put under svn, and that enable the site-customised forum configuration to be rebuild by one of the scripts in site/scripts and the phpBB tarballs that it pulls from the phpBB repository.) We still have to finalise where this repository location will be. It then took me ~40 mins to do a scripted rebuild bringing the forums up to phpBB v3.0.9 (current). This included pulling the latest forum backup from user.services.openoffice.org and restoring this into the local application. So if you look at http://ooo-forums.apache.org/ today then you will now see that it's running the latest version of phpBB with a clone of yesterday's live forum content. I still have some regression tests to do and some temporary D/B tweaks for this version (e.g. the forums are configured as user.services.openoffice.org and not ooo-forums.apache.org and this mucks up cookies), but it broadly looks as if we will be good to do. The work for the live cut-over will take about 30mins, with most of this is network transfer and loading and reanalyzing databases. I will coordinate a timeline with Andrew and come back with an update. Unfortunately, we will still need a nominal 24hr service outage for cut-over because of DNS propagation ripple. Regards to all Terry
draft blog post on the Linux build education event
https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education Are the homework items correct? Anything else participants should prepare? Note also I'm framing this as one of a series of Developer Education Events. We might want to think of this more broadly as well. Would it make sense, for example, for translators, or doc or support, or other areas of the project to also plan on outreach/education events like this, to encourage new volunteers to get involved with AOOo. -Rob
Re: Who wants to build OpenOffice?
I switched to gcc44, and get the following build error: Entering /tmp/apache_oo/svn_clean/ooo/main/xml2cmp/source/finder Compiling: xml2cmp/source/finder/dependy.cxx /tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/bin/makedepend: error while loading shared libraries: /tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6: file too short dmake: Error code 127, while making '../../unxlngx6.pro/obj/dependy.obj' dmake: '../../unxlngx6.pro/obj/dependy.obj' removed. $ file /tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6 /tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6: ASCII text $ cat /tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6 INPUT ( -lstdc++_nonshared /usr/lib64/libstdc++.so.6 ) Any ideas? Thanks, Oli On 9/1/2011 12:06 PM, Marc-Oliver Straub wrote: Seems like a bug in the slist header comping with gcc 4.1.2 on RHEL5.6. Comparing RHEL56 gcc 4.4.4 slist with gcc 4.1.2 slist, I noticed that the 4.4.4 version contains additional using statements: using std::__true_type; using std::__false_type; Can others please check whether their gcc 4.1.2 headers contain these statements? Is this a RedHat problem? Is this a compiler bug, and do we need to workaround this? Bye, Oli On 9/1/2011 11:45 AM, Marc-Oliver Straub wrote: Build failed in autodoc module: Entering /tmp/apache_oo/ooo/main/autodoc/source/display/html Making:all_display_html.dpobj Compiling: autodoc/source/display/html/aryattrs.cxx Compiling: autodoc/source/display/html/cfrstd.cxx Compiling: autodoc/source/display/html/chd_udk2.cxx /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:413: error: '__true_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:419: error: '__false_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:537: error: '__true_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:544: error: '__false_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:775: error: '__false_type' has not been declared /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist: In instantiation of '__gnu_cxx::slistcsi::xml::Element*, std::allocatorcsi::xml::Element* ': ../../../source/inc/estack.hxx:43: instantiated from 'EStackcsi::xml::Element*' /tmp/apache_oo/ooo/main/autodoc/source/display/html/easywri.hxx:64: instantiated from here /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:419: error: 'templateclass _InputIterator void __gnu_cxx::slist::_M_assign_dispatch(_InputIterator, _InputIterator, int) [with _InputIterator = _InputIterator, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' cannot be overloaded /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:413: error: with 'templateclass _Integer void __gnu_cxx::slist::_M_assign_dispatch(_Integer, _Integer, int) [with _Integer = _Integer, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:544: error: 'templateclass _InIterator void __gnu_cxx::slist::_M_insert_after_range(__gnu_cxx::_Slist_node_base*, _InIterator, _InIterator, int) [with _InIterator = _InIterator, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' cannot be overloaded /usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:537: error: with 'templateclass _Integer void __gnu_cxx::slist::_M_insert_after_range(__gnu_cxx::_Slist_node_base*, _Integer, _Integer, int) [with _Integer = _Integer, _Tp = csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' dmake: Error code 1, while making '../../../unxlngx6.pro/obj/chd_udk2.obj' On 9/1/2011 10:33 AM, Marc-Oliver Straub wrote: RedHat Enterprise Linux 5.6 64-bit, gcc 4.1.2 ./configure --disable-mozilla --without-junit ... checking whether to enable RandR support... checking for XRANDR... no checking X11/extensions/Xrandr.h usability... no checking X11/extensions/Xrandr.h presence... yes configure: WARNING: X11/extensions/Xrandr.h: present but cannot be compiled configure: WARNING: X11/extensions/Xrandr.h: check for missing prerequisite headers? configure: WARNING: X11/extensions/Xrandr.h: see the Autoconf documentation configure: WARNING: X11/extensions/Xrandr.h: section Present But Cannot Be Compiled configure: WARNING: X11/extensions/Xrandr.h: proceeding with the compiler's result checking for X11/extensions/Xrandr.h... no configure: error: X11/extensions/Xrandr.h could not be found. X11 dev missing? Adding --disable-randr to the configure flags succeeds. However, I see the following error in the
Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]
JIRA issue entered: https://issues.apache.org/jira/browse/INFRA-3905 -Rob On Tue, Aug 30, 2011 at 5:34 PM, Dennis E. Hamilton orc...@apache.org wrote: Hey, over here (waving arm in the air)! Yes, I will moderate ooo-users. Do you need a minimum of three? It would also be good to have one additional so we can handle the occasional CJK and Eastern European message that comes in, maybe others too, depending on what committers we have. (At least to help us tell the difference between spam and user inquiries.) - Dennis -Original Message- From: Shane Curcuru [mailto:a...@shanecurcuru.org] Sent: Tuesday, August 30, 2011 08:11 To: ooo-dev@incubator.apache.org Subject: Re: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org] [ ... ] Personally, if there were some committers who would volunteer to moderate, I'd just create an ooo-user@ mailing list now. Almost all projects already have a user list, so it'd be worth creating one if for only to give interested users a place to start asking questions about the future plans of the podling. It also seems clear that with the OOo history and end-user base that some of the existing forums (whatever kind) will need to be continued. That's up to the project to figure out how to do and maintain. The only bigger ASF issue is ensuring that any new content added to forums that the ASF hosts is compatible with AL wherever possible. - Shane
Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]
Hi Dennis, On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote: Oh, so it wasn't actually an MS Office file, but a spoof with a .doc filename? I only vaguely remember, but I think it was that way. That would definitely be hard to catch. I'm not sure what would cause it to execute though. Name it .doc and set the content type to text/html Anyway, I'm not sure about .doc anymore, the same of course works with .html and probably any other extension. Was there a condition under which the exploit could be made to be run while pretended to be a .doc file? The trigger is the content type. Eike -- PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication. Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3 9E96 2F1A D073 293C 05FD signature.asc Description: Digital signature
Incubator PMC/Board report for September 2011 (ooo-dev@incubator.apache.org)
Dear OpenOffice.org Developers, This email was sent by an automated system on behalf of the Apache Incubator PMC. It is an initial reminder to give you plenty of time to prepare your quarterly board report. The board meeting is scheduled for Wed, 21 September 2011, 10 am Pacific. The report for your podling will form a part of the Incubator PMC report. The Incubator PMC requires your report to be submitted one week before the board meeting, to allow sufficient time for review. Please submit your report with sufficient time to allow the incubator PMC, and subsequently board members to review and digest. Again, the very latest you should submit your report is one week prior to the board meeting. Thanks, The Apache Incubator PMC Submitting your Report -- Your report should contain the following: * Your project name * A brief description of your project, which assumes no knowledge of the project or necessarily of its field * A list of the three most important issues to address in the move towards graduation. * Any issues that the Incubator PMC or ASF Board might wish/need to be aware of * How has the community developed since the last report * How has the project developed since the last report. This should be appended to the Incubator Wiki page at: http://wiki.apache.org/incubator/September2011 Note: This manually populated. You may need to wait a little before this page is created from a template. Mentors --- Mentors should review reports for their project(s) and sign them off on the Incubator wiki page. Signing off reports shows that you are following the project - projects that are not signed may raise alarms for the Incubator PMC. Incubator PMC
RE: Request dev help: Info for required crypto export declaration
While here, Can Apache projects rely on Mozilla's nss (MPL)? I looked for alternatives but I only found the java based Bouncy Castle: http://www.bouncycastle.org/ cheers, Pedro. --- On Thu, 9/1/11, Dennis E. Hamilton dennis.hamil...@acm.org wrote: From: Dennis E. Hamilton dennis.hamil...@acm.org Subject: RE: Request dev help: Info for required crypto export declaration To: ooo-dev@incubator.apache.org Date: Thursday, September 1, 2011, 12:00 AM It is simplified and it isn't. But we are doing it out of order. Here is the page that I couldn't remember the location of: http://www.apache.org/dev/crypto.html - Dennis -Original Message- From: rabas...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir Sent: Wednesday, August 31, 2011 09:31 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: I thought there was a short-circuit/umbrella process that doesn't require all of these details. I thought that came up on an old thread, either on the PPMC or in the early days of this list. We do need to collect and update the details, but I am not so sure we need to file a full-up declaration. There is apparently a simplified procedure and we should look for it. (I am not where I can do that right now.) Uh... but we need to know the details to know whether we can use the simplified procedure. -Rob -Original Message- From: Mathias Bauer [mailto:mathias_ba...@gmx.net] Sent: Wednesday, August 31, 2011 07:00 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration Moin, please take my answers with a decent grain of salt, I'm not an expert for that area, Matthias Hütsch and Malte Timmermann certainly could answer that better, but I don't know if they are currently contributing to this list. Hopefully my remarks can help to look at the right places. Am 31.08.2011 15:03, schrieb Rob Weir: There is some paperwork we need to file based on OOo use of cryptography. Details are on the Apache website [1]. I think I can handle most of the paperwork, provided I can get some help, on this thread, establishing the basic facts. 1) Was something similar every done for OpenOffice.org? Most software companies are aware of this US export regulation and do this declaration as a matter of routine. But not all open source projects are as diligent as ASF is. So it is possible that OOo never did this before. But if they did, we could reuse much of their paperwork. AFAIR Sun did that some time ago, but I'm not 100% sure. 2) We need a list of all uses of cryptographic methods in OOo, including code that we include, but also where we enable 3rd party or OS crypto modules to plugged in. This includes both symmetrical algorithms (commonly used for encryption) as well as asymmetrical algorithms (for example, public key uses like PGP, RSA, TLS, etc.) 3) For each method, it looks like we need to state whether we authored the crypto, or name the origin of the code if it is a 3rd party. The methods I suspect are in OOo are: a) For password-protected ODF documents, we use the Blowfish block encryption method. Where did that code come from? It was an own implementation from someone who was employed by Sun at that time. In the new 3.4 code we also use AES code from the openssl library. b) What do we support for other document formats, such as DOC, OOXML or legacy StarOffice formats? Any other encryption methods? If so, what are they are what was their origin? As none of the former Oracle employed MS filter developers is listening here, maybe we could ask Kohei or Caolan from the Libre Office crew. c) We support digital signatures with ODF files as well. What algorithms are supported? Is this our original code or 3rd party? The code we use is based on the SeaMonkey or nss module. I always get confused about them, but in any way the code is external. d) Do we support digital signatures with any other file formats? No, only our own files format. e) Any other uses of encryption? f) Presumably we places that are at least enabled for SSL via OS-level resolution of https protocol URLs. Is this correct? g) But do we have any SSL (TLS) code included in our source code? If so, what is the origin of this? Open ssl, maybe something in neon, I don't know. Regards, Mathias
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 11:41 AM, Pedro F. Giffuni giffu...@tutopia.com wrote: While here, Can Apache projects rely on Mozilla's nss (MPL)? See this page on current view from Apache legal: http://www.apache.org/legal/resolved.html#category-b I looked for alternatives but I only found the java based Bouncy Castle: http://www.bouncycastle.org/ cheers, Pedro. --- On Thu, 9/1/11, Dennis E. Hamilton dennis.hamil...@acm.org wrote: From: Dennis E. Hamilton dennis.hamil...@acm.org Subject: RE: Request dev help: Info for required crypto export declaration To: ooo-dev@incubator.apache.org Date: Thursday, September 1, 2011, 12:00 AM It is simplified and it isn't. But we are doing it out of order. Here is the page that I couldn't remember the location of: http://www.apache.org/dev/crypto.html - Dennis -Original Message- From: rabas...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir Sent: Wednesday, August 31, 2011 09:31 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: I thought there was a short-circuit/umbrella process that doesn't require all of these details. I thought that came up on an old thread, either on the PPMC or in the early days of this list. We do need to collect and update the details, but I am not so sure we need to file a full-up declaration. There is apparently a simplified procedure and we should look for it. (I am not where I can do that right now.) Uh... but we need to know the details to know whether we can use the simplified procedure. -Rob -Original Message- From: Mathias Bauer [mailto:mathias_ba...@gmx.net] Sent: Wednesday, August 31, 2011 07:00 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration Moin, please take my answers with a decent grain of salt, I'm not an expert for that area, Matthias Hütsch and Malte Timmermann certainly could answer that better, but I don't know if they are currently contributing to this list. Hopefully my remarks can help to look at the right places. Am 31.08.2011 15:03, schrieb Rob Weir: There is some paperwork we need to file based on OOo use of cryptography. Details are on the Apache website [1]. I think I can handle most of the paperwork, provided I can get some help, on this thread, establishing the basic facts. 1) Was something similar every done for OpenOffice.org? Most software companies are aware of this US export regulation and do this declaration as a matter of routine. But not all open source projects are as diligent as ASF is. So it is possible that OOo never did this before. But if they did, we could reuse much of their paperwork. AFAIR Sun did that some time ago, but I'm not 100% sure. 2) We need a list of all uses of cryptographic methods in OOo, including code that we include, but also where we enable 3rd party or OS crypto modules to plugged in. This includes both symmetrical algorithms (commonly used for encryption) as well as asymmetrical algorithms (for example, public key uses like PGP, RSA, TLS, etc.) 3) For each method, it looks like we need to state whether we authored the crypto, or name the origin of the code if it is a 3rd party. The methods I suspect are in OOo are: a) For password-protected ODF documents, we use the Blowfish block encryption method. Where did that code come from? It was an own implementation from someone who was employed by Sun at that time. In the new 3.4 code we also use AES code from the openssl library. b) What do we support for other document formats, such as DOC, OOXML or legacy StarOffice formats? Any other encryption methods? If so, what are they are what was their origin? As none of the former Oracle employed MS filter developers is listening here, maybe we could ask Kohei or Caolan from the Libre Office crew. c) We support digital signatures with ODF files as well. What algorithms are supported? Is this our original code or 3rd party? The code we use is based on the SeaMonkey or nss module. I always get confused about them, but in any way the code is external. d) Do we support digital signatures with any other file formats? No, only our own files format. e) Any other uses of encryption? f) Presumably we places that are at least enabled for SSL via OS-level resolution of https protocol URLs. Is this correct? g) But do we have any SSL (TLS) code included in our source code? If so, what is the origin of this? Open ssl, maybe something in neon, I don't know. Regards, Mathias
Re: Request dev help: Info for required crypto export declaration
On Wed, Aug 31, 2011 at 9:30 AM, Rob Weir r...@robweir.com wrote: On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: snip 1) Was something similar every done for OpenOffice.org? Most software companies are aware of this US export regulation and do this declaration as a matter of routine. But not all open source projects are as diligent as ASF is. So it is possible that OOo never did this before. But if they did, we could reuse much of their paperwork. AFAIR Sun did that some time ago, but I'm not 100% sure. Yes, Sun did this (probably for every official release). Danese
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 11:51 AM, Danese Cooper dan...@gmail.com wrote: On Wed, Aug 31, 2011 at 9:30 AM, Rob Weir r...@robweir.com wrote: On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: snip 1) Was something similar every done for OpenOffice.org? Most software companies are aware of this US export regulation and do this declaration as a matter of routine. But not all open source projects are as diligent as ASF is. So it is possible that OOo never did this before. But if they did, we could reuse much of their paperwork. AFAIR Sun did that some time ago, but I'm not 100% sure. Yes, Sun did this (probably for every official release). If so, this might have been kept on the corporate side, not on the community website. For example, searching Google for site:openoffice.org ECCN shows several requests for this information [1] [2] [3] over the years, but no useful responses. Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. We'll obviously want to do better here. It may not make a much of a difference to the individual downloaded of AOOo, but this paperwork is essential for anyone who might want to bundle AOOo with laptops, for example. The location of the project is not the solitary relevant fact. The location of the users and re-distributors is the key thing. [1] http://openoffice.org/projects/www/lists/users/archive/2004-12/message/24 [2] http://openoffice.org/projects/marketing/lists/dev/archive/2005-11/message/204 [3] http://openoffice.org/projects/www/lists/users/archive/2009-12/message/653 [4] http://comments.gmane.org/gmane.comp.documentfoundation.discuss/6138 I'll check what we did for IBM Lotus Symphony. -Rob Danese
Re: Apache project community and external community
On 31 August 2011 23:16, Ross Gardler rgard...@opendirective.com wrote: On 31 August 2011 17:06, Dennis E. Hamilton dennis.hamil...@acm.org wrote: That makes no sense. I don't agree. There are other copies of the code out there managed under different licenses and different approaches. Those who choose to be here do so under their own free will. But surely the time for this particular discussion has passed, regardless of whether my version of the truth is the same as anyone elses. I'm not trying to oversimplify, I'm trying to be realistic. Pragmatism has a lot going for it IMHO :-). I run a company which was inspired by aspects of open source communities but I'm a Committer here and I am also quite willing to do what I can for LibreO or indeed any other FOSS community. Different organisational constraints but hey, if you think that's bad, try working within some of the UK government regulatory frameworks ;-). I have been a member of the OOo community for probably 10 years or so and I have had some disagreements with various people along the way. Even so, I don't see why any of that should get in the way. My view is how do we make FOSS more effective? Partly as a Committer here within the rules associated with that, partly through my business with the rules and constraints that has and partly with LibreO, why worry? If you can do what you want within the rules just do it. If you can't, do those things somewhere else where its ok. Main issue is learning what is and isn't allowable and I guess that is at least in part why there is an incubation period to give us all time to learn. -- Ian Ofqual Accredited IT Qualifications (The Schools ITQ) www.theINGOTs.org +44 (0)1827 305940 The Learning Machine Limited, Reg Office, 36 Ashby Road, Tamworth, Staffordshire, B79 8AQ. Reg No: 05560797, Registered in England and Wales.
Re: Fwd: openoffice.org not responding
On 8/31/2011 10:43 PM, Jürgen Schmidt wrote: On Wed, Aug 31, 2011 at 9:02 PM, Kay Schenkkay.sch...@gmail.com wrote: Hi Andrew-- On 08/31/2011 10:17 AM, Andrew Rist wrote: This is not related to the DNS transfer. That process has not yet begun, and appropriate warning will be given when it is. That transfer should painless when it occurs, as it will only involve changing the owner of the DNS entries, not the content of them. (looks like OOo kenai are back. I have not determined what the issue was, but it was not related to transfer of OOo or any decommissioning of the servers) well good news, but panic nonetheless. Maybe a wake-up call to get stuff moved (somewhere) as quickly as possible. Definitely a priority with me at the moment! :/ i still can't reach www.openoffice.org, api.openoffice.org or hg.services.openoffice.org, ... Juergen All three are up for me. I am guessing that the refresh on the DNS may have contributed to the problem. Andrew Andrew On 8/31/2011 5:05 AM, Dave Fisher wrote: Hi Andrew, It looks like openoffice.org is still down, odftoolkit.org is also down. It looks like all of Kenai is down. Is the dns transfer in flux, or wrong? Is there a wrong action on INFRA-3898? Please advise. Thanks, Dave Begin forwarded message: From: Simon Brouwersimon.o...@xs4all.nl Date: August 30, 2011 11:06:46 AM PDT To:ooo-dev@incubator.apache.**orgto%3aooo-...@incubator.apache.org Cc: Kay Schenkkay.sch...@gmail.com Subject: Re: openoffice.org not responding Reply-To:ooo-dev@incubator.**apache.orgreply-to%3aooo-...@incubator.apache.org Reply-To:simon.o...@xs4all.nl Hi Kay, nl.openoffice.org is up, but server response is really slow. I wanted to manage mailinglists since yesterday but had to give up getting timeout after timeout. Best regards Simon Op 30-8-2011 20:01, Kay Schenk schreef: Re Eike's post of about an hour ago. Does anyone know what's going on with openoffice.org orwww.openoffice.org. kenai.org is up but not openoffice.org. -- Vriendelijke groet, Simon Brouwer. |http://nl.openoffice.org |http://www.opentaal.org | -- Oracle Email Signature Logo Andrew Rist | Interoperability Architect Oracle Corporate Architecture Group Redwood Shores, CA | 650.506.9847 -- --**--** MzK Music expresses that which cannot be said and on which it is impossible to be silent. -- Victor Hugo -- Oracle Email Signature Logo Andrew Rist | Interoperability Architect Oracle Corporate Architecture Group Redwood Shores, CA | 650.506.9847
An invitation to committers to the OOo Community Forums
Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. Please note: the forum rules apply to all and all volunteers are expected to follow them -- including me or any other committer. Regards Terry
Re: An invitation to committers to the OOo Community Forums
On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellison te...@ellisons.org.uk wrote: Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. -1 I propose that we eliminate any such internal management forums. Having these goes against the transparency that we should be expressing in all of our work as an Apache project. If something truly does require confidential treatment then it could be brought to the ooo-private list, where committers already have access. And equally important, ooo-private is readable by our podling mentors and by Apache Members, to ensure we do not abuse the use of such private lists. If something requires special treatment because it relates to site security, then that belongs with Apache Infra. If we're merely discussing internal management of the site on these closed forums, this may be boring to most site visitors, but that is not a sufficient reason to conduct this work in private. -Rob Please note: the forum rules apply to all and all volunteers are expected to follow them -- including me or any other committer. Regards Terry
RE: [patch] add rpm in the archive names
An alternative for patches that one is hesitant/unable to commit is to submit them with an issue on the now-live issue tracker at http://issues.apache.org/ooo/ We should be using this bug tracker heavily now. It is the best way to place material where it will be seen and reviewed without being buried in the ooo-dev list. -Original Message- From: eric b [mailto:eric.bach...@free.fr] Sent: Wednesday, August 31, 2011 23:22 To: ooo-dev@incubator.apache.org Subject: [patch] add rpm in the archive names Hi, Under Linux, when we create .deb files, the download archive name contains _deb, avoiding confusion. It was not the case for .rpm rchive type, and lot of people download .rpm and discover later they need .deb. Since I don't know whether we can commit or not, I prefered provide a patch who fixes the problem. You'll find it at : http://ftp.educoo.org/home/ericb/patches/ apache_ooo/add_rpm_in_the_name_aooo.diff It is provided under Apache License, of course. Regards, Eric -- qɔᴉɹə Education Project: http://wiki.services.openoffice.org/wiki/Education_Project Projet OOo4Kids : http://wiki.ooo4kids.org/index.php/Main_Page L'association EducOOo : http://www.educoo.org Blog : http://eric.bachard.org/news
Re: draft blog post on the Linux build education event
2011/9/1 Rob Weir robw...@apache.org: https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education how can I login? thanks in advance M.
Re: draft blog post on the Linux build education event
http://www.apache.org/dev/blogs.html describes the (public) preview url for blog articles. From: Rob Weir robw...@apache.org To: ooo-dev@incubator.apache.org Sent: Thursday, September 1, 2011 1:44 PM Subject: Re: draft blog post on the Linux build education event On Thu, Sep 1, 2011 at 1:37 PM, Manfred A. Reiter ma.rei...@gmail.com wrote: 2011/9/1 Rob Weir robw...@apache.org: https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education how can I login? Oh... I was hoping you could all see that. Darn. There was a call for logins for authors and editors for the blog a while ago [1]. Gavin gave people permission. [1] http://markmail.org/message/ez25wgbpf4z47f5g In any case, here is the text. You're missing the picture and the hyperlinks, but you can get the idea: ==Developer Education== It is September. Time for cooler weather and time to go back to school. The Apache OpenOffice.org podling is ready for the season with events to help developers learn more about OpenOffice.org. Do you want to learn how to build Apache OpenOffice.org on Linux? Do you want to take the first steps towards becoming an OpenOffice hacker? Do you want to help test, review and improve our build instructions, on any one of a variety of Linux distros? If so, you will not want to miss this event. Next week, from Wed September 7th through Saturday September 10th we will be making a concerted effort to enable everyone who wants to be able to build OpenOffice. This will be the first of a series of Developer Education topics we hope to deliver. Others may include how to build on Windows and Mac, and how to work on particular OpenOffice features. This will be a virtual event, with collaboration on the ooo-dev mailing list and on IRC. Members of the OpenOffice.org podling will be on hand to help anyone who wishes to get started with OpenOffice development on Linux. ==How to Get Involved== There are a few things you should do to prepare for this event: 1) Find a Linux machine, at least 1GB RAM and 75 GB free disk space 2) Run any updates needed to make your distro current 3) Download the latest source code for OpenOffice.org via Subversion. 4) Before Wednesday, sign up for the ooo-dev@incubator.apache.org mailing list. 5) Bookmark the OpenOffice.org Building Guide. This is the documentation we'll be following, and correcting. 6) Starting on Wednesday, follow the discussions on the ooo-dev mailing list. We'll use a subject tag of [LINUX-BUILD] for threads related to this event. 7) Also starting on Wednesday, join us on IRC: irc.freenode.net on channel #dev.openoffice.org thanks in advance M.
Re: An invitation to committers to the OOo Community Forums
On Thu, Sep 1, 2011 at 1:56 PM, Terry Ellison te...@ellisons.org.uk wrote: Rob, This was a polite invitation to committers if they wanted to see how the forums operate. I will take your -1 to mean that you don't want to take me up on the offer. Let me be clearer then. The -1 is to your proposal to invite committers and assign them permissions to a private forum. This is not a technical objection, but a policy objection. Please do not take further steps on this until we can get a Mentor to weigh in on. Thanks, -Rob Your reply is a valid topic but entirely off *this* topic. Unfortunately since this is a DL and not a forum, I can't move this to new topic which relates to your point. However, if you care to make this on another thread on the topic you discuss, then I will reply there. Can we try to maintain some thread discipline, please? Regards Terry On 01/09/11 17:59, Rob Weir wrote: On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellisonte...@ellisons.org.uk wrote: Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. -1 I propose that we eliminate any such internal management forums...snip
Re: ooo-users list now available
Hi Rob, Perhaps you should use the new list for the education event? Given that we haven't made any release yet I think this would also serve to feed the user archive with the build instructions. Just a thought, if this is more of a developer event and/or you also plan a walkthrough the code then I guess it's OK to keep it in -dev. Cheers, Pedro. On Thu, 1 Sep 2011 13:51:18 -0400, Rob Weir robw...@apache.org wrote: Let joy be unconfined. Let there be dancing in the streets. And thanks, Joe. Moderators are automatically subscribed, I think. Others can join with an email to ooo-users-subscribe.incubator.apache.org Follow up items, which I'd welcome help with: 1) Once the archives are created, which can take a day, we should update our lists of lists [1] [2] 2) The existing OOo users list should be notified about this new list, with instructions on how to subscribe 3) Maybe shut down the OOo users list? Or at least update the website to steer users here. 4) There was talk of a customized post footer with unsubscribe and basic support FAQ info, to reduce the incident of list rookie problems. [1] http://incubator.apache.org/openofficeorg/mailing-lists.html [2] http://incubator.apache.org/projects/openofficeorg.html
RE: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]
I think you are right. I already have a list where orc...@apache.org is a moderator, so I will see if I can access the moderator features there. - Dennis -Original Message- From: Eike Rathke [mailto:o...@erack.de] Sent: Thursday, September 01, 2011 08:11 To: ooo-dev@incubator.apache.org Subject: Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org] Hi Dennis, On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote: Hmm, for (2) I think you have to use orc...@msn.com for me, then. Most of my e-mail addresses (including orc...@apache.org) are not associated with an SMTP server, if I get your drift. I think what counts is the envelope From, so if your ISP's SMTP allows you to send with an arbitrary envelope From (which is fine if the user is authenticated to the SMTP server anyway) you should be good. Eike -- PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication. Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3 9E96 2F1A D073 293C 05FD
RE: draft blog post on the Linux build education event
1. The post looks fine. 2. I had to use my author/editor login. I also can't tell whether it is post-dated. I think that is what puts them where they can be seen, but not sure. - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 10:45 To: ooo-dev@incubator.apache.org Subject: Re: draft blog post on the Linux build education event On Thu, Sep 1, 2011 at 1:37 PM, Manfred A. Reiter ma.rei...@gmail.com wrote: 2011/9/1 Rob Weir robw...@apache.org: https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education how can I login? Oh... I was hoping you could all see that. Darn. There was a call for logins for authors and editors for the blog a while ago [1]. Gavin gave people permission. [1] http://markmail.org/message/ez25wgbpf4z47f5g In any case, here is the text. You're missing the picture and the hyperlinks, but you can get the idea: ==Developer Education== It is September. Time for cooler weather and time to go back to school. The Apache OpenOffice.org podling is ready for the season with events to help developers learn more about OpenOffice.org. Do you want to learn how to build Apache OpenOffice.org on Linux? Do you want to take the first steps towards becoming an OpenOffice hacker? Do you want to help test, review and improve our build instructions, on any one of a variety of Linux distros? If so, you will not want to miss this event. Next week, from Wed September 7th through Saturday September 10th we will be making a concerted effort to enable everyone who wants to be able to build OpenOffice. This will be the first of a series of Developer Education topics we hope to deliver. Others may include how to build on Windows and Mac, and how to work on particular OpenOffice features. This will be a virtual event, with collaboration on the ooo-dev mailing list and on IRC. Members of the OpenOffice.org podling will be on hand to help anyone who wishes to get started with OpenOffice development on Linux. ==How to Get Involved== There are a few things you should do to prepare for this event: 1) Find a Linux machine, at least 1GB RAM and 75 GB free disk space 2) Run any updates needed to make your distro current 3) Download the latest source code for OpenOffice.org via Subversion. 4) Before Wednesday, sign up for the ooo-dev@incubator.apache.org mailing list. 5) Bookmark the OpenOffice.org Building Guide. This is the documentation we'll be following, and correcting. 6) Starting on Wednesday, follow the discussions on the ooo-dev mailing list. We'll use a subject tag of [LINUX-BUILD] for threads related to this event. 7) Also starting on Wednesday, join us on IRC: irc.freenode.net on channel #dev.openoffice.org thanks in advance M.
Re: draft blog post on the Linux build education event
On Thu, 2011-09-01 at 14:27 -0400, Rob Weir wrote: On Thu, Sep 1, 2011 at 1:50 PM, Joe Schaefer joe_schae...@yahoo.com wrote: http://www.apache.org/dev/blogs.html describes the (public) preview url for blog articles. Thanks for the hint, Joe. If I understood it correctly, this version should be viewable. It works for me, but you never know when persistent cookies are playing tricks with you. http://blogs.apache.org/preview/OOo/?previewEntry=apache_openoffice_org_developer_education That worked - thanks Looks pretty good to me - I saw a comment about pointing folks to the user mailing list vs the dev mailing list - I think for this I would stick with the dev list. //drew
Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]
orcmid@a.o has access to SMTP at smtps://people.apachea.org:465/ Moderators can approve emails from any address, but access to the -log, -list, and the moderator's version of -help only works from the address listed as moderator. Only infra can change the moderator addresses on a list. Dennis E. Hamilton wrote on Thu, Sep 01, 2011 at 11:38:59 -0700: I think you are right. I already have a list where orc...@apache.org is a moderator, so I will see if I can access the moderator features there. - Dennis -Original Message- From: Eike Rathke [mailto:o...@erack.de] Sent: Thursday, September 01, 2011 08:11 To: ooo-dev@incubator.apache.org Subject: Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org] Hi Dennis, On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote: Hmm, for (2) I think you have to use orc...@msn.com for me, then. Most of my e-mail addresses (including orc...@apache.org) are not associated with an SMTP server, if I get your drift. I think what counts is the envelope From, so if your ISP's SMTP allows you to send with an arbitrary envelope From (which is fine if the user is authenticated to the SMTP server anyway) you should be good. Eike -- PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication. Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3 9E96 2F1A D073 293C 05FD
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Please just do it this way: http://www.apache.org/dev/crypto.html ASF is very clear on what is required for *its* releases and this page appears to be comprehensive. The Apache rules break down into reporting to users and notification. Informing users is important but notification is urgent (making source available [1] counts as export). (I finally found where I saw this before. It has also been discussed here or on the ooo-private list before. I remembered it as being simpler than it is.) (It looks worse than it is) Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? Robert [1] http://www.apache.org/dev/crypto.html#overview [2] http://www.apache.org/licenses/exports/ [3] http://www.apache.org/dev/crypto.html#classify
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 2:38 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Please just do it this way: http://www.apache.org/dev/crypto.html That's what I've been looking at from the start. I don't just make these things up in my sleep. ASF is very clear on what is required for *its* releases and this page appears to be comprehensive. Yes, and for the very first step, we need to classify per an ECCN code. To do that we need to understand the cryptographic support the code provides. I think we should try to understand this in detail, even if it just boils down ultimately to a code for this regulation. These details are also relevant to procurement regulations for the Federal government, and other governments as well. So it will be good have a comprehensive list of what algorithms we are using in general. -Rob (I finally found where I saw this before. It has also been discussed here or on the ooo-private list before. I remembered it as being simpler than it is.) - Dennis -Original Message- From: rabas...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir Sent: Thursday, September 01, 2011 09:15 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 11:51 AM, Danese Cooper dan...@gmail.com wrote: On Wed, Aug 31, 2011 at 9:30 AM, Rob Weir r...@robweir.com wrote: On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: snip 1) Was something similar every done for OpenOffice.org? Most software companies are aware of this US export regulation and do this declaration as a matter of routine. But not all open source projects are as diligent as ASF is. So it is possible that OOo never did this before. But if they did, we could reuse much of their paperwork. AFAIR Sun did that some time ago, but I'm not 100% sure. Yes, Sun did this (probably for every official release). If so, this might have been kept on the corporate side, not on the community website. For example, searching Google for site:openoffice.org ECCN shows several requests for this information [1] [2] [3] over the years, but no useful responses. Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. We'll obviously want to do better here. It may not make a much of a difference to the individual downloaded of AOOo, but this paperwork is essential for anyone who might want to bundle AOOo with laptops, for example. The location of the project is not the solitary relevant fact. The location of the users and re-distributors is the key thing. [1] http://openoffice.org/projects/www/lists/users/archive/2004-12/message/24 [2] http://openoffice.org/projects/marketing/lists/dev/archive/2005-11/message/204 [3] http://openoffice.org/projects/www/lists/users/archive/2009-12/message/653 [4] http://comments.gmane.org/gmane.comp.documentfoundation.discuss/6138 I'll check what we did for IBM Lotus Symphony. -Rob Danese
Re: An invitation to committers to the OOo Community Forums
OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. Hence in my view, this invitation makes eminent sense. Is your counter proposal that only committers who are entirely ignorant of how the forums work should decided on their future governance and existence? I feel that most Europeans would regard this as a typical American attitude to the rest of the world ;) Regards Terry On 01/09/11 19:05, Rob Weir wrote: On Thu, Sep 1, 2011 at 1:56 PM, Terry Ellisonte...@ellisons.org.uk wrote: Rob, This was a polite invitation to committers if they wanted to see how the forums operate. I will take your -1 to mean that you don't want to take me up on the offer. Let me be clearer then. The -1 is to your proposal to invite committers and assign them permissions to a private forum. This is not a technical objection, but a policy objection. Please do not take further steps on this until we can get a Mentor to weigh in on. Thanks, -Rob Your reply is a valid topic but entirely off *this* topic. Unfortunately since this is a DL and not a forum, I can't move this to new topic which relates to your point. However, if you care to make this on another thread on the topic you discuss, then I will reply there. Can we try to maintain some thread discipline, please? Regards Terry On 01/09/11 17:59, Rob Weir wrote: On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellisonte...@ellisons.org.uk wrote: Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. -1 I propose that we eliminate any such internal management forums...snip
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Please just do it this way: http://www.apache.org/dev/crypto.html ASF is very clear on what is required for *its* releases and this page appears to be comprehensive. The Apache rules break down into reporting to users and notification. Informing users is important but notification is urgent (making source available [1] counts as export). (I finally found where I saw this before. It has also been discussed here or on the ooo-private list before. I remembered it as being simpler than it is.) (It looks worse than it is) Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? For example, Calc has a ROT13() spreadsheet function, which undoubtedly is a weak symmetrical encryption technique, certainly not one with a key length in excess of 56-bits. So what now? In other words, I'm puzzled by the in excess part. They seem to be saying that strong encryption is regulated less than weak encryption. Could you explain where I'm getting this wrong? Thanks, -Rob Robert [1] http://www.apache.org/dev/crypto.html#overview [2] http://www.apache.org/licenses/exports/ [3] http://www.apache.org/dev/crypto.html#classify
Administrative controls / management of the mailing lists
Dennis, As we've discussed previously there is almost a religious split between those that work on forums and those that work on MLs and DLs. Very few of those involved in the governance of the forums would have anything to do with DLs/MLs and v.v. However, what you are really talking about is a configuration issue of the mail forwarder. It's more an application issue if we get control of the application support. I have exactly the same issues with my mail responder that is built into the forums. Terry, do you know if those administrative controls extend to the management of the mailing lists, such as the ones for http://fr.openoffice.org (apparently at http://openoffice.org/projects/fr/lists). Do you have any information on how we can empower someone to block a bad echo? Every post to the more-heavily-populated lists there generates three notices from service-clie...@sc.sfr.fr. Then we need to find the subscribers whose e-mail addresses are landing at the responding site and disable those. I also fear that there is nothing in our planned work to preserve these portions of the openoffice.org domain. - Dennis -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Thursday, September 01, 2011 09:47 To: ooo-dev@incubator.apache.org Subject: An invitation to committers to the OOo Community Forums Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. Please note: the forum rules apply to all and all volunteers are expected to follow them -- including me or any other committer. Regards Terry
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 8:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Please just do it this way: http://www.apache.org/dev/crypto.html ASF is very clear on what is required for *its* releases and this page appears to be comprehensive. The Apache rules break down into reporting to users and notification. Informing users is important but notification is urgent (making source available [1] counts as export). (I finally found where I saw this before. It has also been discussed here or on the ooo-private list before. I remembered it as being simpler than it is.) (It looks worse than it is) Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? Remember that we're only interested in strong cryptography :-) IIRC symmetric and asymmetric algorithms weaker than this are not considered strong cryptography, and so don't fall under ECCN 5D002. Cryptography which is neither weak nor covered by those definitions needs special handling. Robert
Re: An invitation to committers to the OOo Community Forums
On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. This is incorrect. We're obviously discussing the policy on the public list. We have not discussed this on ooo-private. Discussion of policy regarding the treatment of confidential information is itself not confidential. In fact, such discussions should probably always be public. You are also incorrect in your assumption that volunteers need to contribute in several areas in order to be committers. Someone who makes substantial contributions as a support forum moderator could make a great committer candidate. Ditto for a documentation writer, a tester, a translator, etc. Committers are not just coders. It is about commitment to the project. You are suggesting two problems: 1) We have forum moderators who understand how the forums work, but have not made visible contributions to the project yet, so they are not currently being nominated as committers. 2) We have committers who are not familiar with how the forum operates. And I'm raising the 3rd issue: 3) How the forum operates should not be something that occurs in private. There is a clear solution here: 1) Have those who understand how the forum operates today write this up in detail as a contribution to the project's website 2) This would help other committers understand how this works and avoids the newbie problem you are concerned with, though we are probably not half as dumb as you seem to be assuming. I, for example, have run a phpBB board before. 3) This also gives the PPMC and Mentors an opportunity to review the forum procedures and ensure they conform Apache expectations, etc. This is something we should be doing anyways. 4) This effort, both in writing up the procedures, and educating the existing committers, and through this mutual discussion, would probably be a sufficient sign of commitment to get the moderators who are do this work to be nominated as project committers. So a win-win situation, all around. -Rob
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? For example, Calc has a ROT13() spreadsheet function, which undoubtedly is a weak symmetrical encryption technique, certainly not one with a key length in excess of 56-bits. So what now? In other words, I'm puzzled by the in excess part. They seem to be saying that strong encryption is regulated less than weak encryption. Could you explain where I'm getting this wrong? It looks to me like the key phrase is any unusual cryptography beyond ECCN 5D002, and the definition of that phrase is the cited block, as opposed to the cited block being a definition of ECCN 5D002. I am having a remarkably hard time finding a definition of ECCN 5D002. Don
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock dwhyt...@gmail.com wrote: On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? For example, Calc has a ROT13() spreadsheet function, which undoubtedly is a weak symmetrical encryption technique, certainly not one with a key length in excess of 56-bits. So what now? In other words, I'm puzzled by the in excess part. They seem to be saying that strong encryption is regulated less than weak encryption. Could you explain where I'm getting this wrong? It looks to me like the key phrase is any unusual cryptography beyond ECCN 5D002, and the definition of that phrase is the cited block, as opposed to the cited block being a definition of ECCN 5D002. I am having a remarkably hard time finding a definition of ECCN 5D002. EAR 740.13(e) should be on http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13 Robert
RE: An invitation to committers to the OOo Community Forums
Rob, I believe Terry is talking about the openoffice.org domain in situ and the existing OOo forums there. This has nothing to do with anything under Apache ooo custody at this time, nor does it have anything to do with the test version he has running in order to learn how to port. It was an offer to provide any interim support on the live openoffice.org forums, and understand their administration ther, not anything on Apache. I assume that the rights that Terry Ellison has on openoffice.org is not anything that were conferred to him via the ASF. I believe that there is no policy matter here, and if it is it is between Oracle and Terry and those Terry approves to be there. - Dennis POLICY MATTERS THREADS There is certainly a policy matter on how administration is done on a port to Apache if we insist on operating it on an apache.org domain. There is a different policy matter, but still one, if we continue to operate it on the openoffice.org domain even though hosted in some sanitary way on Apache infrastructure. We already have unresolved discussions on other threads concerning that. -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 11:05 To: ooo-dev@incubator.apache.org Subject: Re: An invitation to committers to the OOo Community Forums On Thu, Sep 1, 2011 at 1:56 PM, Terry Ellison te...@ellisons.org.uk wrote: Rob, This was a polite invitation to committers if they wanted to see how the forums operate. I will take your -1 to mean that you don't want to take me up on the offer. Let me be clearer then. The -1 is to your proposal to invite committers and assign them permissions to a private forum. This is not a technical objection, but a policy objection. Please do not take further steps on this until we can get a Mentor to weigh in on. Thanks, -Rob Your reply is a valid topic but entirely off *this* topic. Unfortunately since this is a DL and not a forum, I can't move this to new topic which relates to your point. However, if you care to make this on another thread on the topic you discuss, then I will reply there. Can we try to maintain some thread discipline, please? Regards Terry On 01/09/11 17:59, Rob Weir wrote: On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellisonte...@ellisons.org.uk wrote: Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. -1 I propose that we eliminate any such internal management forums...snip
Re: Request dev help: Info for required crypto export declaration
So in general OpenOffice supports encryption and digital signatures and https/SSL. So we have support for standard algorithms, from one-way hashes like SHA-1, to block encryption like Blowfish and AES-256, to public key cryptography per the W3C's XML Digital Signatures. We also support legacy Microsoft Office encryption algorithms that are generally weaker and used only for backwards compatibility. I'm not a crypto expert, so I'm not sure what something exotic would look like. I think the strongest thing we have is AES-256. -Rob On Thu, Sep 1, 2011 at 3:25 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock dwhyt...@gmail.com wrote: On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? For example, Calc has a ROT13() spreadsheet function, which undoubtedly is a weak symmetrical encryption technique, certainly not one with a key length in excess of 56-bits. So what now? In other words, I'm puzzled by the in excess part. They seem to be saying that strong encryption is regulated less than weak encryption. Could you explain where I'm getting this wrong? It looks to me like the key phrase is any unusual cryptography beyond ECCN 5D002, and the definition of that phrase is the cited block, as opposed to the cited block being a definition of ECCN 5D002. I am having a remarkably hard time finding a definition of ECCN 5D002. EAR 740.13(e) should be on http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13 Robert
RE: Administrative controls / management of the mailing lists
Um, so your answer is no? You do not have any means to deal with that mailing list issue on the live openoffice.org site? Any suggestions? - Dennis -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Thursday, September 01, 2011 12:04 To: dennis.hamil...@acm.org Cc: ooo-dev@incubator.apache.org Subject: Administrative controls / management of the mailing lists Dennis, As we've discussed previously there is almost a religious split between those that work on forums and those that work on MLs and DLs. Very few of those involved in the governance of the forums would have anything to do with DLs/MLs and v.v. However, what you are really talking about is a configuration issue of the mail forwarder. It's more an application issue if we get control of the application support. I have exactly the same issues with my mail responder that is built into the forums. Terry, do you know if those administrative controls extend to the management of the mailing lists, such as the ones for http://fr.openoffice.org (apparently at http://openoffice.org/projects/fr/lists). Do you have any information on how we can empower someone to block a bad echo? Every post to the more-heavily-populated lists there generates three notices from service-clie...@sc.sfr.fr. Then we need to find the subscribers whose e-mail addresses are landing at the responding site and disable those. I also fear that there is nothing in our planned work to preserve these portions of the openoffice.org domain. - Dennis -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Thursday, September 01, 2011 09:47 To: ooo-dev@incubator.apache.org Subject: An invitation to committers to the OOo Community Forums Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. Please note: the forum rules apply to all and all volunteers are expected to follow them -- including me or any other committer. Regards Terry
Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]
2011/8/31 Rob Weir r...@robweir.com: On Wed, Aug 31, 2011 at 2:51 PM, Manfred A. Reiter ma.rei...@gmail.com wrote: 2011/8/31 Rob Weir robw...@apache.org: Something else to think about for the ooo-users list: file attachments. The experience with the german OOo-users list have shown that attachments should be banned. Today it is not an art piece to save a file in net and refer to a link to it. Did you give the users some sort of automated error message if they tried to add an attachment? That is the part that concerns me, that we silently strip the attachments. This will just lead to increased noise: 1) User posts message with attempted attachment 2) User notices attachment is missing and sends the note again, saying sorry, I forget the attachment (Users often blame themselves) 3) Seeing the attachment is not there again, they are angry and post another note, saying, Where the #%$% is my attachment 4) Helpful support person comes in and says that attachments are not allowed and points them to alternatives file sharing mechanisms. I think all questions are answered ... during my rest and a day of hard work in the fruit plot ;-) ... only to know, we had a weekly pointer ... to educate people on the users list ... and it worked fine http://openoffice.org/projects/de/lists/users/archive/2010-03/message/0 a rough translation from google translate : -- - The etiquette of us...@de.openoffice.org-Mailingliste -- - What is it about? -- - Did you end up on a mailing list with a sometimes very high Registered mail traffic. To a smooth handling to allow this mass of mails that have some Agreements proved. You will of the majority of participants accepted and applied. It is not to prescribe anything to anybody. Who reads the rules will soon realize that all their meaning have and simplify the handling of the list for all. However opens up this sense is not always immediate. Wants this email provide clarity. A more detailed version of this text with many other Tips can be found under http://www.eschkitai.de/openoffice/netikette.html;. The eight golden rules for good contributions: -- - 1st Helping people help themselves 2nd Give your real name 3rd For each question, please create a new mail 4th Answers shorten useful 5th Watch for good readability 6th Feedback in the form of a summary 7th Properly configure the mail program 8th Do not send attachments to the list The main points in detail: -- - # # 1 # # # # to help themselves Try first of all on-line help for OpenOffice.org To find help. Try more keywords from the index, not always the first hit or sit, the term, you chose, or your problem. You can find instructions in the documentation portal to individual Modules, support for installation and answers to frequently Asked Questions (FAQ): http://de.openoffice.org/doc/ The left-hand navigation bar provides a search function. Try them out. The sides of the international project Help (http://www.openoffice.org/) more. Although in English, they describe exactly those issues, as they also encounters, and often very evident. Additional help can be found on pages Directory of OpenOffice.org (http://www.ooo-portal.de/) the OpenOffice.org forum (http://de.openoffice.info/) and the OpenOffice.org Wiki (http://www.ooowiki.de/). A look to it worthwhile. Maybe your question is already on the mailing list been asked and answered. In this case, a look into the Archive, which under http://de.openoffice.org/servlets/SummarizeList?listName=users or http://www.mail-archive.com/users% to find 40de.openoffice.org is. If you solve your problem with these aids do not already own could, but this preliminary work will allow you, your concerns to describe precisely, and help provide answers to your question to understand better. Then you should also dig deeper to some slight fall. Please do not forget to tell your readers, which version OpenOffice.org and what operating system you work. Finally, you can find under http://de.openoffice.org/about-ooo/about-users-mailinglist.html further guidance on using the mailing list and to Logging in and out. # # 2 # # # # Enter your real name Please enter your first and last name in the From: line. We like to know with whom we converse. In real life is you look so well with the name before and forges links to others. We find the mention of the name helps solve that is from an anonymous group of users, a community. 3 # # # # # # For each question, please create a new mail Participants often use the _Antwortfunktion_ the mail program, to start a new topic. They delete the quotation as the imported content and the subject. Remain at
Re: An invitation to committers to the OOo Community Forums
On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote: On 01/09/11 20:14, Rob Weir wrote: On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. This is incorrect. We're obviously discussing the policy on the public list. We have not discussed this on ooo-private. Discussion of policy regarding the treatment of confidential information is itself not confidential. In fact, such discussions should probably always be public. You are also incorrect in your assumption that volunteers need to contribute in several areas in order to be committers. Someone who makes substantial contributions as a support forum moderator could make a great committer candidate. Ditto for a documentation writer, a tester, a translator, etc. Committers are not just coders. It is about commitment to the project. You are suggesting two problems: 1) We have forum moderators who understand how the forums work, but have not made visible contributions to the project yet, so they are not currently being nominated as committers. 2) We have committers who are not familiar with how the forum operates. And I'm raising the 3rd issue: 3) How the forum operates should not be something that occurs in private. There is a clear solution here: 1) Have those who understand how the forum operates today write this up in detail as a contribution to the project's website 2) This would help other committers understand how this works and avoids the newbie problem you are concerned with, though we are probably not half as dumb as you seem to be assuming. I, for example, have run a phpBB board before. The issue isn't about phpBB, its more about we operate *these* forums. 3) This also gives the PPMC and Mentors an opportunity to review the forum procedures and ensure they conform Apache expectations, etc. This is something we should be doing anyways. 4) This effort, both in writing up the procedures, and educating the existing committers, and through this mutual discussion, would probably be a sufficient sign of commitment to get the moderators who are do this work to be nominated as project committers. So a win-win situation, all around. Rob, I think that on your last comments we are lot closer than on your first reply. However, we can either choose to make this change: A) a disruptive one: that is we lay down some (from the perspective of the volunteers who are currently doing this work) arbitrary and seemly irrational new rules on a love it or leave it basis. In my experience many or most will leave given this sort of diktat. It's a good way to kill off a service. B) an evolutionary one: that is we engage constructively and get to understand the range of perspectives then move the service incrementally to an end-point that is mutually acceptable. In my experience many or most supporters will leave when faced with the (A) sort of diktat. (B) works a LOT better, especially when the people involved are making their commitments pro-bono. So I tend to feel that people who start with (A) really have an agenda of shutting down a service and those who start from (B) want it to prosper. Transparency is not just a nice to have at Apache. Transparency is not irrational. Transparency is not something we slowly evolve towards in order to accommodate working habits of volunteers. Transparency is fundamental about how we do things. If operating transparently is seen as disruptive, then that may mean that we are doing a
Re: An invitation to committers to the OOo Community Forums
On Thu, 2011-09-01 at 19:56 +0100, Terry Ellison wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. Hence in my view, this invitation makes eminent sense. Is your counter proposal that only committers who are entirely ignorant of how the forums work should decided on their future governance and existence? I feel that most Europeans would regard this as a typical American attitude to the rest of the world ;) Could of done with out the last line there Terry, IMO, even if Rob comes on a bit strong at times. Anyway - given that the status of the forums is in reality changing, finally, it makes sense that it is also open of review by the PPMC. First what I think are the easy cases. There are three closed boards per language level forum that I submit need to remain closed. The first is named forum-admin, but this can be a bit of misnomer. It's purpose is quite simple, emails sent to the admin mailing address are handled by a semi-automated process. 1) An email auto responder emails back a canned message, crafted over time that explains simple problem solving steps the user can take on their own. This tends to clear a very large majority of issues without further intervention. 2) The full email is posted to the forum-admin board along with the users email address. This is the only board on the site where the email address is given in clear text. Every moderator can see that board and is asked to take a part in reviewing these requests - if the problem is clearly handled by the canned reply email no action is required. On the other hand if it is one of the outliers and does require human intervention they can grab it, do what they think needs dong and add a comment to the email showing what they did. This has worked out quite well over time. The next closed board that needs to stay that way is the Quarantine board. This board serves a dual purpose. When any post is deleted on a public board, either by the posting user or a moderator the post is moved to quarantine, rather then being immediately removed from the database. As this point all moderators can view these deleted posts and a clock starts. After three days if no action is taken the post is permanently removed from the database. During this time however a post can be restored. This happens from time to time with users accidentally deleting a post, they just need to ask a moderator to un-delete it for them. In the case of obvious spam no one does anything and it just slides into oblivion. Now normally, if a moderator wants to remove a post for some cause they would bring it up on the moderator list, but even if they didn't and they just deleted a post the quarantine list then acts as a peer review mechanism. Terry mentioned rules, this is a big one, a moderator can't do something lie this without informing the group as a whole as to what they did and why. (this includes removing 'obvious' spam...they still must report the action) Again from time to time it is the judgment of the larger group to reverse the individuals decision, in which case the post is restored. Rounding out this group of boards is the actual moderator board and that is where these peer reviews and discussion on specific posts by named users takes place. Although anyone can bring up whatever topic they want on that board. To the others on the list here that are admins and moderators at the forums I would say, I agree with Rob - everything else should really be open to all. Anyway - hope that helps.
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 3:59 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Let me see if I can help ground this. Remember, the export could be of code, not just the binaries. So if we have code that does asymmetrical encryption, then we are exporting that, even if in the binaries we call it only in the context of digital signatures. Or not. That seems obvious to me, but IANAL -Rob Currently, digest algorithms are used for a variety of things. The common case is SHA1. These are not themselves a concern, as I understand it, since their function is not directly related to encryption even though they come into play in the use of encryption methods. There is no support for *document* *encryption* via asymmetric keys. It is not specified in ODF and there is no way to do it in current implementations as far as I know. There is *password-based* *document* *encryption*. The current default procedure generates a 128-bit (symmetrical, of course) key via PBKDF2 using HMAC-SHA1 and encrypts using Blowfish with 8-bit CFB. There are provisions, for ODF 1.2, to generate wider keys and use PBKDF2 with rng methods other than HMAC-SHA1. Substitutes for PBKDF2 and Blowfish are allowed but I don't know the status of any implementation-dependent variations in OpenOffice.org. I believe there are extensions in the builds but they are not currently enabled in the standard distributions. There is support for digital signatures using PKI methodologies and those do, of course, use *asymmetric encryption* as part of the signature procedure. We need to catalog what those flavors are that are accepted and that are produced. Implementations are allowed considerable license in this area and we need to inventory the actual support in OpenOffice.org. It is not clear to me that the asymmetrical encryption used for digital signatures is a concern, but it is useful to have all of these methods profiled and catalogued concerning their implementation in OpenOffice.org. Comprehensive profiling of digital signature provisions is required to ensure interoperability in any case. I am not aware of any other cases. There are proposals for some modest but valuable modifications in ODF 1.3 and as possible implementation-dependent introductions in products supporting earlier versions of ODF. Any such implementations would need to be identified too, although none of those I am aware of introduce additional encryption algoritms. - Dennis -Original Message- From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com] Sent: Thursday, September 01, 2011 12:14 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 8:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Please just do it this way: http://www.apache.org/dev/crypto.html ASF is very clear on what is required for *its* releases and this page appears to be comprehensive. The Apache rules break down into reporting to users and notification. Informing users is important but notification is urgent (making source available [1] counts as export). (I finally found where I saw this before. It has also been discussed here or on the ooo-private list before. I remembered it as being simpler than it is.) (It looks worse than it is) Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? Remember that we're only interested in strong cryptography :-) IIRC symmetric and asymmetric algorithms weaker than this are not considered strong cryptography, and so don't fall under ECCN 5D002. Cryptography which is
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 8:40 PM, Donald Whytock dwhyt...@gmail.com wrote: On Thu, Sep 1, 2011 at 3:25 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: EAR 740.13(e) should be on http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13 Robert Thanks, Robert. IANAL, but on that page I see reference to the phrase publicly available encryption source code. ASF, by charter, is a repository of publicly available source code. If OOo is officially an ASF project, does that take it out of the category of a product for export and into the category of publicly available source code? As our source is publicly available, the TSU exception applies [1] Robert [1] http://www.apache.org/dev/crypto.html
RE: Request dev help: Info for required crypto export declaration
I'm not aware of any legacy encryption in non-ODF formats being supported on output or input. I must try that. Rob, Is it your understanding that http is implemented directly in OpenOffice, or is the platform provider of http: and https: schemes relied upon? I would be amazed to learn that OpenOffice.org deals with SSL certifications, but I guess I should be prepared for anything. - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 12:32 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration So in general OpenOffice supports encryption and digital signatures and https/SSL. So we have support for standard algorithms, from one-way hashes like SHA-1, to block encryption like Blowfish and AES-256, to public key cryptography per the W3C's XML Digital Signatures. We also support legacy Microsoft Office encryption algorithms that are generally weaker and used only for backwards compatibility. I'm not a crypto expert, so I'm not sure what something exotic would look like. I think the strongest thing we have is AES-256. -Rob On Thu, Sep 1, 2011 at 3:25 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock dwhyt...@gmail.com wrote: On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? For example, Calc has a ROT13() spreadsheet function, which undoubtedly is a weak symmetrical encryption technique, certainly not one with a key length in excess of 56-bits. So what now? In other words, I'm puzzled by the in excess part. They seem to be saying that strong encryption is regulated less than weak encryption. Could you explain where I'm getting this wrong? It looks to me like the key phrase is any unusual cryptography beyond ECCN 5D002, and the definition of that phrase is the cited block, as opposed to the cited block being a definition of ECCN 5D002. I am having a remarkably hard time finding a definition of ECCN 5D002. EAR 740.13(e) should be on http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13 Robert
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 8:59 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Let me see if I can help ground this. Currently, digest algorithms are used for a variety of things. The common case is SHA1. These are not themselves a concern, as I understand it, since their function is not directly related to encryption even though they come into play in the use of encryption methods. AIUI only encryption is of concern There is no support for *document* *encryption* via asymmetric keys. It is not specified in ODF and there is no way to do it in current implementations as far as I know. Ok There is *password-based* *document* *encryption*. The current default procedure generates a 128-bit (symmetrical, of course) key via PBKDF2 using HMAC-SHA1 and encrypts using Blowfish with 8-bit CFB. There are provisions, for ODF 1.2, to generate wider keys and use PBKDF2 with rng methods other than HMAC-SHA1. Substitutes for PBKDF2 and Blowfish are allowed but I don't know the status of any implementation-dependent variations in OpenOffice.org. I believe there are extensions in the builds but they are not currently enabled in the standard distributions. Sounds likely to be strong cryptography falling under 'Software using a symmetric algorithm employing a key length in excess of 56-bits' There is support for digital signatures using PKI methodologies and those do, of course, use *asymmetric encryption* as part of the signature procedure. We need to catalog what those flavors are that are accepted and that are produced. Implementations are allowed considerable license in this area and we need to inventory the actual support in OpenOffice.org. +1 It is not clear to me that the asymmetrical encryption used for digital signatures is a concern, but it is useful to have all of these methods profiled and catalogued concerning their implementation in OpenOffice.org. Comprehensive profiling of digital signature provisions is required to ensure interoperability in any case. +1 I am not aware of any other cases. There are proposals for some modest but valuable modifications in ODF 1.3 and as possible implementation-dependent introductions in products supporting earlier versions of ODF. Any such implementations would need to be identified too, although none of those I am aware of introduce additional encryption algoritms. So far, looks like OOo most likely has strong crypto but it's all fairly standard stuff. We should press forward with the notification required by law whilst auditing the code. Robert
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 9:03 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 3:59 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Let me see if I can help ground this. Remember, the export could be of code, not just the binaries. So if we have code that does asymmetrical encryption, then we are exporting that, even if in the binaries we call it only in the context of digital signatures. Or not. That seems obvious to me, but IANAL Also code intended to work with cryptography libraries (whether shipped or not) Robert
Re: An invitation to committers to the OOo Community Forums
On Thu, Sep 1, 2011 at 4:00 PM, drew d...@baseanswers.com wrote: On Thu, 2011-09-01 at 19:56 +0100, Terry Ellison wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. Hence in my view, this invitation makes eminent sense. Is your counter proposal that only committers who are entirely ignorant of how the forums work should decided on their future governance and existence? I feel that most Europeans would regard this as a typical American attitude to the rest of the world ;) Could of done with out the last line there Terry, IMO, even if Rob comes on a bit strong at times. Anyway - given that the status of the forums is in reality changing, finally, it makes sense that it is also open of review by the PPMC. First what I think are the easy cases. There are three closed boards per language level forum that I submit need to remain closed. The first is named forum-admin, but this can be a bit of misnomer. It's purpose is quite simple, emails sent to the admin mailing address are handled by a semi-automated process. 1) An email auto responder emails back a canned message, crafted over time that explains simple problem solving steps the user can take on their own. This tends to clear a very large majority of issues without further intervention. 2) The full email is posted to the forum-admin board along with the users email address. This is the only board on the site where the email address is given in clear text. Every moderator can see that board and is asked to take a part in reviewing these requests - if the problem is clearly handled by the canned reply email no action is required. On the other hand if it is one of the outliers and does require human intervention they can grab it, do what they think needs dong and add a comment to the email showing what they did. This has worked out quite well over time. The next closed board that needs to stay that way is the Quarantine board. This board serves a dual purpose. When any post is deleted on a public board, either by the posting user or a moderator the post is moved to quarantine, rather then being immediately removed from the database. As this point all moderators can view these deleted posts and a clock starts. After three days if no action is taken the post is permanently removed from the database. During this time however a post can be restored. This happens from time to time with users accidentally deleting a post, they just need to ask a moderator to un-delete it for them. In the case of obvious spam no one does anything and it just slides into oblivion. Now normally, if a moderator wants to remove a post for some cause they would bring it up on the moderator list, but even if they didn't and they just deleted a post the quarantine list then acts as a peer review mechanism. Terry mentioned rules, this is a big one, a moderator can't do something lie this without informing the group as a whole as to what they did and why. (this includes removing 'obvious' spam...they still must report the action) Again from time to time it is the judgment of the larger group to reverse the individuals decision, in which case the post is restored. Rounding out this group of boards is the actual moderator board and that is where these peer reviews and discussion on specific posts by named users takes place. Although anyone can bring up whatever topic they want on that board. I could see an operational need for the first two. They are not used as
RE: Request dev help: Info for required crypto export declaration
I am not making a judgment in the case of encryption used as part of digital-signature PKI-based methods. We need to identify them regardless. I also don't know if those particular encryptions are done in OpenOffice.org code or are handled by the platforms at runtime. This might vary depending on the platform. We need to comprehend such variations for interoperability purposes as well. - Dennis -Original Message- From: rabas...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir Sent: Thursday, September 01, 2011 13:03 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 3:59 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Let me see if I can help ground this. Remember, the export could be of code, not just the binaries. So if we have code that does asymmetrical encryption, then we are exporting that, even if in the binaries we call it only in the context of digital signatures. Or not. That seems obvious to me, but IANAL -Rob Currently, digest algorithms are used for a variety of things. The common case is SHA1. These are not themselves a concern, as I understand it, since their function is not directly related to encryption even though they come into play in the use of encryption methods. There is no support for *document* *encryption* via asymmetric keys. It is not specified in ODF and there is no way to do it in current implementations as far as I know. There is *password-based* *document* *encryption*. The current default procedure generates a 128-bit (symmetrical, of course) key via PBKDF2 using HMAC-SHA1 and encrypts using Blowfish with 8-bit CFB. There are provisions, for ODF 1.2, to generate wider keys and use PBKDF2 with rng methods other than HMAC-SHA1. Substitutes for PBKDF2 and Blowfish are allowed but I don't know the status of any implementation-dependent variations in OpenOffice.org. I believe there are extensions in the builds but they are not currently enabled in the standard distributions. There is support for digital signatures using PKI methodologies and those do, of course, use *asymmetric encryption* as part of the signature procedure. We need to catalog what those flavors are that are accepted and that are produced. Implementations are allowed considerable license in this area and we need to inventory the actual support in OpenOffice.org. It is not clear to me that the asymmetrical encryption used for digital signatures is a concern, but it is useful to have all of these methods profiled and catalogued concerning their implementation in OpenOffice.org. Comprehensive profiling of digital signature provisions is required to ensure interoperability in any case. I am not aware of any other cases. There are proposals for some modest but valuable modifications in ODF 1.3 and as possible implementation-dependent introductions in products supporting earlier versions of ODF. Any such implementations would need to be identified too, although none of those I am aware of introduce additional encryption algoritms. - Dennis -Original Message- From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com] Sent: Thursday, September 01, 2011 12:14 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 8:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Please just do it this way: http://www.apache.org/dev/crypto.html ASF is very clear on what is required for *its* releases and this page appears to be comprehensive. The Apache rules break down into reporting to users and notification. Informing users is important but notification is urgent (making source available [1] counts as export). (I finally found where I saw this before. It has also been discussed here or on the ooo-private list before. I remembered it as being simpler than it is.) (It looks worse than it is) Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or
RE: An invitation to committers to the OOo Community Forums
This should really be on its own thread as Terry requested. In any case, I believe the private forums are for roughly the same reasons that the PPMC list is private. The administrators address disputes, deal with bad behavior, etc. I notice that moderator actions on lists here are not dealt with transparently and why should they be? We don't even know who the moderators are, in general, especially for lists created before there were any lists on which to learn such things. I believe this is similar, in that there are moderation privileges and a place for those with such privileges to discuss matters in private. If not there already, it would be easy to have a public forum in each cluster for issues about the forum itself. There still needs a private means of communication on what are sensitive matters, in the current live system and any counterpart under Apache auspices. - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 12:59 To: ooo-dev@incubator.apache.org Subject: Re: An invitation to committers to the OOo Community Forums On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote: On 01/09/11 20:14, Rob Weir wrote: On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. This is incorrect. We're obviously discussing the policy on the public list. We have not discussed this on ooo-private. Discussion of policy regarding the treatment of confidential information is itself not confidential. In fact, such discussions should probably always be public. You are also incorrect in your assumption that volunteers need to contribute in several areas in order to be committers. Someone who makes substantial contributions as a support forum moderator could make a great committer candidate. Ditto for a documentation writer, a tester, a translator, etc. Committers are not just coders. It is about commitment to the project. You are suggesting two problems: 1) We have forum moderators who understand how the forums work, but have not made visible contributions to the project yet, so they are not currently being nominated as committers. 2) We have committers who are not familiar with how the forum operates. And I'm raising the 3rd issue: 3) How the forum operates should not be something that occurs in private. There is a clear solution here: 1) Have those who understand how the forum operates today write this up in detail as a contribution to the project's website 2) This would help other committers understand how this works and avoids the newbie problem you are concerned with, though we are probably not half as dumb as you seem to be assuming. I, for example, have run a phpBB board before. The issue isn't about phpBB, its more about we operate *these* forums. 3) This also gives the PPMC and Mentors an opportunity to review the forum procedures and ensure they conform Apache expectations, etc. This is something we should be doing anyways. 4) This effort, both in writing up the procedures, and educating the existing committers, and through this mutual discussion, would probably be a sufficient sign of commitment to get the moderators who are do this work to be nominated as project committers. So a win-win situation, all around. Rob, I think that on your last comments we are lot closer than on your first reply. However, we can either choose to make this change: A) a disruptive one: that is we lay down some (from
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 4:11 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: I'm not aware of any legacy encryption in non-ODF formats being supported on output or input. I must try that. Rob, Is it your understanding that http is implemented directly in OpenOffice, or is the platform provider of http: and https: schemes relied upon? I would be amazed to learn that OpenOffice.org deals with SSL certifications, but I guess I should be prepared for anything. It is still declarable even if we are simply enabled for using a 3rd party service. So, for example, if we make calls into an OS-level URL protocol handler that negotiates SSL for https URL's, then that would count. That is my reading of it. - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 12:32 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration So in general OpenOffice supports encryption and digital signatures and https/SSL. So we have support for standard algorithms, from one-way hashes like SHA-1, to block encryption like Blowfish and AES-256, to public key cryptography per the W3C's XML Digital Signatures. We also support legacy Microsoft Office encryption algorithms that are generally weaker and used only for backwards compatibility. I'm not a crypto expert, so I'm not sure what something exotic would look like. I think the strongest thing we have is AES-256. -Rob On Thu, Sep 1, 2011 at 3:25 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock dwhyt...@gmail.com wrote: On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote: On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin robertburrelldon...@gmail.com wrote: Following the instructions[3], step 1 is to work out whether OOo has any unusual cryptography beyond ECCN 5D002, which is: blockquote cite='http://www.apache.org/dev/crypto.html#classify Software specially designed or modified for the development, production or use of any of the other software of this list, or software designed to certify other software on this list; or Software using a symmetric algorithm employing a key length in excess of 56-bits; or Software using an asymmetric algorithm where the security of the algorithm is based on: factorization of integers in excess of 512 bits (e.g., RSA), computation of discrete logarithms in a multiplicative group of a finite field of size greater than 512 bits (e.g., Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve). /blockquote Does OOo rely on cryptography more exotic than this? That is where it seems backwards to me. If I'm reading this correctly, we are OK if we use a symmetrical algorithm with key length greater than (in excess of) 56-bits. But if we use an algorithm, with less thanb 56-bits we're considered exotic? Really? For example, Calc has a ROT13() spreadsheet function, which undoubtedly is a weak symmetrical encryption technique, certainly not one with a key length in excess of 56-bits. So what now? In other words, I'm puzzled by the in excess part. They seem to be saying that strong encryption is regulated less than weak encryption. Could you explain where I'm getting this wrong? It looks to me like the key phrase is any unusual cryptography beyond ECCN 5D002, and the definition of that phrase is the cited block, as opposed to the cited block being a definition of ECCN 5D002. I am having a remarkably hard time finding a definition of ECCN 5D002. EAR 740.13(e) should be on http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13 Robert
RE: Request dev help: Info for required crypto export declaration
Technically, this was to have been resolved before the code was put up on SVN. We need to audit specifically for this rather quickly, and including the places that Rob also identified (import-export filters and http TLS). - Dennis -Original Message- From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com] Sent: Thursday, September 01, 2011 13:13 To: ooo-dev@incubator.apache.org; dennis.hamil...@acm.org Subject: Re: Request dev help: Info for required crypto export declaration [ ... ] So far, looks like OOo most likely has strong crypto but it's all fairly standard stuff. We should press forward with the notification required by law whilst auditing the code. Robert
Re: An invitation to committers to the OOo Community Forums
On Thu, Sep 1, 2011 at 4:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: This should really be on its own thread as Terry requested. In any case, I believe the private forums are for roughly the same reasons that the PPMC list is private. The administrators address disputes, deal with bad behavior, etc. But that fact is we don't use ooo-private for that kind of thing. You know that. We've never, ever discussed a bad behavior, dealt with disputes, etc., on ooo-private.We resolve disputes here, on ooo-dev, in full public view. Why would you suggest that we have ever done otherwise? I notice that moderator actions on lists here are not dealt with transparently and why should they be? We don't even know who the moderators are, in general, especially for lists created before there were any lists on which to learn such things. We don't do moderation in the sense that the forums do. We don't hold back posts that are off-topic, that are showing bad behavior, etc. That is not what list moderators do. All we really do is catch posts that come from non-subscribers and do a quick glance to see if they are spam. If not, we let them through.If you read Drew's description of how the forums are dealing with moderation, it sounds like they have a much more intense, secret, deliberative process around moderation. I believe this is similar, in that there are moderation privileges and a place for those with such privileges to discuss matters in private. If not there already, it would be easy to have a public forum in each cluster for issues about the forum itself. There still needs a private means of communication on what are sensitive matters, in the current live system and any counterpart under Apache auspices. We have such a method, if it were needed. It is called ooo-private. If we think that 30 private forums are needed in order to discuss bad behavior in support posts (3 forums per each of 10 languages) then I think we're doing support moderation wrong. -Rob - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 12:59 To: ooo-dev@incubator.apache.org Subject: Re: An invitation to committers to the OOo Community Forums On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote: On 01/09/11 20:14, Rob Weir wrote: On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. This is incorrect. We're obviously discussing the policy on the public list. We have not discussed this on ooo-private. Discussion of policy regarding the treatment of confidential information is itself not confidential. In fact, such discussions should probably always be public. You are also incorrect in your assumption that volunteers need to contribute in several areas in order to be committers. Someone who makes substantial contributions as a support forum moderator could make a great committer candidate. Ditto for a documentation writer, a tester, a translator, etc. Committers are not just coders. It is about commitment to the project. You are suggesting two problems: 1) We have forum moderators who understand how the forums work, but have not made visible contributions to the project yet, so they are not currently being nominated as committers. 2) We have committers who are not familiar with how the forum operates. And I'm raising the 3rd issue: 3) How the forum operates should not be something that occurs in private.
Re: draft blog post on the Linux build education event
On Thu, Sep 1, 2011 at 3:40 PM, Manfred A. Reiter ma.rei...@gmail.com wrote: thanks for the link. it works fine. blog looks nice and we will what happens next wednesday ;-) It will be interesting. I just did a fresh install of Ubuntu 11.04, totally default, virgin, no extra apt-get's. I'll do the install on that, to make sure we have a good list of what would need to be done to a clean install. M. 2011/9/1 Rob Weir robw...@apache.org: On Thu, Sep 1, 2011 at 1:50 PM, Joe Schaefer joe_schae...@yahoo.com wrote: http://www.apache.org/dev/blogs.html describes the (public) preview url for blog articles. Thanks for the hint, Joe. If I understood it correctly, this version should be viewable. It works for me, but you never know when persistent cookies are playing tricks with you. http://blogs.apache.org/preview/OOo/?previewEntry=apache_openoffice_org_developer_education -Rob
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Technically, this was to have been resolved before the code was put up on SVN. We need to audit specifically for this rather quickly, and including the places that Rob also identified (import-export filters and http TLS). I definitely recommend a full crypto audit but IIRC it's not necessary before sending the initial notification. AIUI (from [1] and [2]) all that's needed is a list of the cryptographic libraries used by OOo. If the results of the full audit differ then we can just update the details and send an updated notification. Robert [1] http://www.apache.org/dev/crypto.html#sources [2] http://www.apache.org/licenses/exports/
Re: An invitation to committers to the OOo Community Forums
Crazy idea. But is it possible at all to cause all posts to private forums to be echoed to the ooo-private list? That would address several of my concerns: 1) Guaranteed archiving of these posts in a form that Apache Members can inspect, if there is ever a future dispute 2) Allows PPMC and Mentor oversight of the traffic, to ensure that it is not being abused. 3) Makes the full range of contributions of moderators more obvious to the PPMC, which helps make a better case for them being offered committer status. -Rob On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote: On 01/09/11 20:14, Rob Weir wrote: On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. This is incorrect. We're obviously discussing the policy on the public list. We have not discussed this on ooo-private. Discussion of policy regarding the treatment of confidential information is itself not confidential. In fact, such discussions should probably always be public. You are also incorrect in your assumption that volunteers need to contribute in several areas in order to be committers. Someone who makes substantial contributions as a support forum moderator could make a great committer candidate. Ditto for a documentation writer, a tester, a translator, etc. Committers are not just coders. It is about commitment to the project. You are suggesting two problems: 1) We have forum moderators who understand how the forums work, but have not made visible contributions to the project yet, so they are not currently being nominated as committers. 2) We have committers who are not familiar with how the forum operates. And I'm raising the 3rd issue: 3) How the forum operates should not be something that occurs in private. There is a clear solution here: 1) Have those who understand how the forum operates today write this up in detail as a contribution to the project's website 2) This would help other committers understand how this works and avoids the newbie problem you are concerned with, though we are probably not half as dumb as you seem to be assuming. I, for example, have run a phpBB board before. The issue isn't about phpBB, its more about we operate *these* forums. 3) This also gives the PPMC and Mentors an opportunity to review the forum procedures and ensure they conform Apache expectations, etc. This is something we should be doing anyways. 4) This effort, both in writing up the procedures, and educating the existing committers, and through this mutual discussion, would probably be a sufficient sign of commitment to get the moderators who are do this work to be nominated as project committers. So a win-win situation, all around. Rob, I think that on your last comments we are lot closer than on your first reply. However, we can either choose to make this change: A) a disruptive one: that is we lay down some (from the perspective of the volunteers who are currently doing this work) arbitrary and seemly irrational new rules on a love it or leave it basis. In my experience many or most will leave given this sort of diktat. It's a good way to kill off a service. B) an evolutionary one: that is we engage constructively and get to understand the range of perspectives then move the service incrementally to an end-point that is mutually acceptable. In my experience many or most supporters will leave when faced with the (A) sort of diktat. (B) works a LOT better, especially when the people
Re: An invitation to committers to the OOo Community Forums
On Thu, 2011-09-01 at 16:26 -0400, Rob Weir wrote: On Thu, Sep 1, 2011 at 4:00 PM, drew d...@baseanswers.com wrote: On Thu, 2011-09-01 at 19:56 +0100, Terry Ellison wrote: snip 5) If, hypothetically, you did not have the ability to do peer reviews and discussion on specific posts by named users, what would happen then? Is there any particular reason why you could not have a public discussion about a post that you are considering deleting? Maybe in a forum that only moderators can post to, of course. But is there any reason you could not be transparent about how moderation works? This might actually help enforce what your usage expectations are. I just described the process - in practice it happens quite infrequently - the overwhelming deletes are just simple and not so simple attempts to use the forums as a link farm. There are people that actually run adds for contractors to do this type of thing - and it usually takes a few posts to catch on to what they are up to. Simply being discourteous or rude isn't going to get you here. People show up all the time pissed and frustrated and often blow off steam, sometimes quite vigorously and that's fine - but if it turns into f this and f that, and you sob this or bastards that...then quite frankly no that will not be tolerated. Nearly all of what a person does there is just as you described, getting people to refine a question so it makes sense, or getting it to the right place, or recognizing a bug report and getting it into the issue tracker. As for trusting people, we do that in spades, it's not about trust it is about working collaboratively. I noticed for instance that just today on the Apache Infra mailing list, Terry had implemented something, another person on the list rolled it back and then told Terry why - they then discussed it - I don't think that was a matter of lack of trust, it was a matter of them learning to work together. //drew
Re: An invitation to committers to the OOo Community Forums
On Thu, 2011-09-01 at 16:40 -0400, Rob Weir wrote: We have such a method, if it were needed. It is called ooo-private. If we think that 30 private forums are needed in order to discuss bad behavior in support posts (3 forums per each of 10 languages) Come on Rob, people like to work in there own language what is so hard to understand about that?
Re: [code] build on Linux 64 bits (Fedora 15)
Hi, Le 1 sept. 11 à 23:25, Ariel Constenla-Haile a écrit : (I just wanted to try with the same options I was building DEV300) I get the following errors: * enabling the OpenGL transitions: Compiling: slideshow/source/engine/OGLTrans/ OGLTrans_TransitionerImpl.cxx slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: In member function 'bool {anonymous}::OGLTransitionerImpl::createWindow (Window*)': slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 490:28: error: 'FALSE' was not declared in this scope slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 496:28: error: 'FALSE' was not declared in this scope slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 520:68: error: 'FALSE' was not declared in this scope slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 546:34: error: 'TRUE' was not declared in this scope slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 548:36: error: 'FALSE' was not declared in this scope dmake: Error code 1, while making '../../../unxlngx6.pro/slo/ OGLTrans_TransitionerImpl.obj' seems the code missed the removal of the old tool's types. Once we'll have a stabilized tree, means something buildable without a headhache (l10n e.g.), I'll have a look at the OpenGL thing too. Regards, Eric -- qɔᴉɹə Education Project: http://wiki.services.openoffice.org/wiki/Education_Project Projet OOo4Kids : http://wiki.ooo4kids.org/index.php/Main_Page L'association EducOOo : http://www.educoo.org Blog : http://eric.bachard.org/news
Re: Apache project community and external community
On 1 September 2011 17:27, Ian Lynch ianrly...@gmail.com wrote: My view is how do we make FOSS more effective? Partly as a Committer here within the rules associated with that, partly through my business with the rules and constraints that has and partly with LibreO, why worry? If you can do what you want within the rules just do it. If you can't, do those things somewhere else where its ok. Exactly! The whole point of the ASF way of doing things is that the foundation stays very tightly focussed on what it does well. It cultivates communities of people who congregate around needs that can be satisfied by software. That means the foundation provides infrastructure to support the communities that build the software. The foundation tries to stay out of everything else, others do those things better. For example, the Conference Committee doesn't organise conferences, it supports people willing to create the local teams who put on great conferences. The Community Development PMC doesn't fund internships, it manages the relationship between providers of internships and the ASF and so on. The foundations projects do, however, recognise people who seek to build bridges. Those people are critical to healthy communities and should be recognised as such. I can think of a few foundation members who do not write code, they have become foundation members because they build bridges. Ross
Re: Administrative controls / management of the mailing lists
Dennis, The short answer is IMHO: that's correct -- No. As to the long one: ... Oracle stopped its major funding of OOo as a mainstream product for sound commercial reasons -- though this has resulted in personal consequences for a lot of people who worked on OOo and who no longer have a job. Now we've now got some services running unmanned, because the people have gone. We were lucky as far as the OOo wiki was concerned in that I was already providing expert support to the Oracle guy who ran the system, and I was able to step in with his active cooperation before he left the building. I believe that Oracle that wants to ensure a bumpless transfer to the Apache project wherever possible, and it will find the necessary mechanisms to grant project members who have the right technical skills and track record to take over these systems. Our main problem is that this list currently seems to contains one name -- mine, though there are others who could potentially step into this gap: for example Raphael, Kay and Drew. However we are all already working to our limits. Maybe we just need a cloning machine :( Quite honestly -- and I can only speak personally -- at the moment I feel that I am caught between a rock and a hard place. My work is time consuming and the skills are different to the mainstream C++ trained OOo developer, but they are also different to a pure sysAdmin. In some ways you need to be an expert in *both* these worlds and to be able to integrate this expertise. I am not talking about enthusiastic newbie volunteers; I am talking about hacks who have done this so many times that it's routine. Again this only my personal experience, but I feel that Apache is unwelcoming to newcomers and this seems to be an endemic culture, albeit strongly advocated by a few individuals. It is intolerant and often outrightly hostile to domains of expertise outside its comfort area -- even though these may be more relevant to the work and Apache's wider mission. In short I am being asked to work long hours on technically demanding tasks in a dysfunctional environment. If I was being paid to do what I am doing now, then I would be seriously thinking about changing jobs -- and this is from a guy who spent 32 years working with the same company working to get to its top technical tier -- and also one who is now doing this work pro-bono. So we do have the means in terms of Oracle enabling, but we, the project, don't have the resources / expertise to step up to this. If I am still here in 3 months and this is still an outstanding issue, then I'll try to sort it out. Regards Terry On 01/09/11 20:59, Dennis E. Hamilton wrote: Um, so your answer is no? You do not have any means to deal with that mailing list issue on the live openoffice.org site? Any suggestions? - Dennis -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Thursday, September 01, 2011 12:04 To:dennis.hamil...@acm.org Cc:ooo-dev@incubator.apache.org Subject: Administrative controls / management of the mailing lists Dennis, As we've discussed previously there is almost a religious split between those that work on forums and those that work on MLs and DLs. Very few of those involved in the governance of the forums would have anything to do with DLs/MLs and v.v. However, what you are really talking about is a configuration issue of the mail forwarder. It's more an application issue if we get control of the application support. I have exactly the same issues with my mail responder that is built into the forums. Terry, do you know if those administrative controls extend to the management of the mailing lists, such as the ones for http://fr.openoffice.org (apparently at http://openoffice.org/projects/fr/lists). Do you have any information on how we can empower someone to block a bad echo? Every post to the more-heavily-populated lists there generates three notices fromservice-clie...@sc.sfr.fr. Then we need to find the subscribers whose e-mail addresses are landing at the responding site and disable those. I also fear that there is nothing in our planned work to preserve these portions of the openoffice.org domain. - Dennis -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Thursday, September 01, 2011 09:47 To:ooo-dev@incubator.apache.org Subject: An invitation to committers to the OOo Community Forums Anyone is able to join the OOo Community forums, but we also have a number of closed forums use for internal management of the site. If any committers would like to have access to these, then just make sure that they've got an active account on the current production service (not ooo-forums.apache.org) and email me me from it requesting access. I will then raise you to volunteer so that you can see the main closed forums. Please note: the forum rules apply to all and all volunteers are expected to follow them -- including
RE: Administrative controls / management of the mailing lists
-Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Friday, 2 September 2011 8:02 AM To: dennis.hamil...@acm.org Cc: ooo-dev@incubator.apache.org Subject: Re: Administrative controls / management of the mailing lists Dennis, The short answer is IMHO: that's correct -- No. As to the long one: ... Oracle stopped its major funding of OOo as a mainstream product for sound commercial reasons -- though this has resulted in personal consequences for a lot of people who worked on OOo and who no longer have a job. Now we've now got some services running unmanned, because the people have gone. We were lucky as far as the OOo wiki was concerned in that I was already providing expert support to the Oracle guy who ran the system, and I was able to step in with his active cooperation before he left the building. I believe that Oracle that wants to ensure a bumpless transfer to the Apache project wherever possible, and it will find the necessary mechanisms to grant project members who have the right technical skills and track record to take over these systems. Our main problem is that this list currently seems to contains one name -- mine, though there are others who could potentially step into this gap: for example Raphael, Kay and Drew. However we are all already working to our limits. Maybe we just need a cloning machine :( Once we have documentation in place, any infra person can jump in and help should the need arise. Quite honestly -- and I can only speak personally -- at the moment I feel that I am caught between a rock and a hard place. My work is time consuming and the skills are different to the mainstream C++ trained OOo developer, but they are also different to a pure sysAdmin. In some ways you need to be an expert in *both* these worlds and to be able to integrate this expertise. I am not talking about enthusiastic newbie volunteers; I am talking about hacks who have done this so many times that it's routine. Again this only my personal experience, but I feel that Apache is unwelcoming to newcomers and this seems to be an endemic culture, albeit strongly advocated by a few individuals. It is intolerant and often outrightly hostile to domains of expertise outside its comfort area -- even though these may be more relevant to the work and Apache's wider mission. In short I am being asked to work long hours on technically demanding tasks in a dysfunctional environment. Nobody is asking you to so anything, you are a volunteer, you can do zero hours if it pleases you, Your hours are governed by what you want to put in, not what anybody tells you to do. Please explain what you mean by dysfunctional? FWIW I've been bending over backwards trying to help you with infra stuff, but you are a stubborn old git who will not listen to how we do things around here. We have accommodated just about every need, every weird way you do things, now it is time for you to listen to us and fit in with us. I've been prepared to help you do this but then you just go and piss me off with outlandish emails like this one. If I was being paid to do what I am doing now, then I would be seriously thinking about changing jobs -- and this is from a guy who spent 32 years working with the same company working to get to its top technical tier -- and also one who is now doing this work pro-bono. This is a volunteer organisation, guess what, you are not the only person here doing work for nothing. Please do not yet again spout off your credentials or your countless millions of hours spent on this, we KNOW, we are very grateful but I am getting tired of you always shoving it in our face as an excuse for us to have to bow down and do it the Terry way. We are not stupid, do not treat us as stupid. You are not stupid, we know that. We are not here to piss you off, but you seem to trying very hard to do that to me at least. Now, quit the jibes and learn to do things in a way that will please us all. Gav... So we do have the means in terms of Oracle enabling, but we, the project, don't have the resources / expertise to step up to this. If I am still here in 3 months and this is still an outstanding issue, then I'll try to sort it out. Regards Terry On 01/09/11 20:59, Dennis E. Hamilton wrote: Um, so your answer is no? You do not have any means to deal with that mailing list issue on the live openoffice.org site? Any suggestions? - Dennis -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Thursday, September 01, 2011 12:04 To:dennis.hamil...@acm.org Cc:ooo-dev@incubator.apache.org Subject: Administrative controls / management of the mailing lists Dennis, As we've discussed previously there is almost a religious split between those that work on forums and those that work on MLs and DLs. Very few of those involved in the governance of the forums
Re: Administrative controls / management of the mailing lists
You two are some of the smartest admins I know, and I've known a few. With mastery obviously comes strong opinions and equally strong working habits. This is probably the largest migration effort Apache has ever done. It is certainly a huge effort from OOo's perspective, since it is a technical, procedural and social change. We obviously really need both of your help in the coming days and weeks. Can we find a way to cool off rather than escalate? Tomorrow is another day. Thanks, -Rob On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au wrote: -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Friday, 2 September 2011 8:02 AM To: dennis.hamil...@acm.org Cc: ooo-dev@incubator.apache.org Subject: Re: Administrative controls / management of the mailing lists Dennis, The short answer is IMHO: that's correct -- No. As to the long one: ... Oracle stopped its major funding of OOo as a mainstream product for sound commercial reasons -- though this has resulted in personal consequences for a lot of people who worked on OOo and who no longer have a job. Now we've now got some services running unmanned, because the people have gone. We were lucky as far as the OOo wiki was concerned in that I was already providing expert support to the Oracle guy who ran the system, and I was able to step in with his active cooperation before he left the building. I believe that Oracle that wants to ensure a bumpless transfer to the Apache project wherever possible, and it will find the necessary mechanisms to grant project members who have the right technical skills and track record to take over these systems. Our main problem is that this list currently seems to contains one name -- mine, though there are others who could potentially step into this gap: for example Raphael, Kay and Drew. However we are all already working to our limits. Maybe we just need a cloning machine :( Once we have documentation in place, any infra person can jump in and help should the need arise. Quite honestly -- and I can only speak personally -- at the moment I feel that I am caught between a rock and a hard place. My work is time consuming and the skills are different to the mainstream C++ trained OOo developer, but they are also different to a pure sysAdmin. In some ways you need to be an expert in *both* these worlds and to be able to integrate this expertise. I am not talking about enthusiastic newbie volunteers; I am talking about hacks who have done this so many times that it's routine. Again this only my personal experience, but I feel that Apache is unwelcoming to newcomers and this seems to be an endemic culture, albeit strongly advocated by a few individuals. It is intolerant and often outrightly hostile to domains of expertise outside its comfort area -- even though these may be more relevant to the work and Apache's wider mission. In short I am being asked to work long hours on technically demanding tasks in a dysfunctional environment. Nobody is asking you to so anything, you are a volunteer, you can do zero hours if it pleases you, Your hours are governed by what you want to put in, not what anybody tells you to do. Please explain what you mean by dysfunctional? FWIW I've been bending over backwards trying to help you with infra stuff, but you are a stubborn old git who will not listen to how we do things around here. We have accommodated just about every need, every weird way you do things, now it is time for you to listen to us and fit in with us. I've been prepared to help you do this but then you just go and piss me off with outlandish emails like this one. If I was being paid to do what I am doing now, then I would be seriously thinking about changing jobs -- and this is from a guy who spent 32 years working with the same company working to get to its top technical tier -- and also one who is now doing this work pro-bono. This is a volunteer organisation, guess what, you are not the only person here doing work for nothing. Please do not yet again spout off your credentials or your countless millions of hours spent on this, we KNOW, we are very grateful but I am getting tired of you always shoving it in our face as an excuse for us to have to bow down and do it the Terry way. We are not stupid, do not treat us as stupid. You are not stupid, we know that. We are not here to piss you off, but you seem to trying very hard to do that to me at least. Now, quit the jibes and learn to do things in a way that will please us all. Gav... So we do have the means in terms of Oracle enabling, but we, the project, don't have the resources / expertise to step up to this. If I am still here in 3 months and this is still an outstanding issue, then I'll try to sort it out. Regards Terry On 01/09/11 20:59, Dennis E. Hamilton wrote: Um, so your answer is no? You
Re: Administrative controls / management of the mailing lists
On 1 Sep 2011, at 23:02, Terry Ellison wrote: Dennis, The short answer is IMHO: that's correct -- No. As to the long one: ... Oracle stopped its major funding of OOo as a mainstream product for sound commercial reasons -- though this has resulted in personal consequences for a lot of people who worked on OOo and who no longer have a job. Now we've now got some services running unmanned, because the people have gone. We were lucky as far as the OOo wiki was concerned in that I was already providing expert support to the Oracle guy who ran the system, and I was able to step in with his active cooperation before he left the building. I believe that Oracle that wants to ensure a bumpless transfer to the Apache project wherever possible, and it will find the necessary mechanisms to grant project members who have the right technical skills and track record to take over these systems. Our main problem is that this list currently seems to contains one name -- mine, though there are others who could potentially step into this gap: for example Raphael, Kay and Drew. However we are all already working to our limits. Maybe we just need a cloning machine :( All we would need is some documentation and then infra can help out with this as needed. Quite honestly -- and I can only speak personally -- at the moment I feel that I am caught between a rock and a hard place. My work is time consuming and the skills are different to the mainstream C++ trained OOo developer, but they are also different to a pure sysAdmin. In some ways you need to be an expert in *both* these worlds and to be able to integrate this expertise. I am not talking about enthusiastic newbie volunteers; I am talking about hacks who have done this so many times that it's routine. Again this only my personal experience, but I feel that Apache is unwelcoming to newcomers and this seems to be an endemic culture, albeit strongly advocated by a few individuals. I wouldn't disagree with you, but I certainly wouldn't outright agree with you. It is intolerant and often outrightly hostile to domains of expertise outside its comfort area -- even though these may be more relevant to the work and Apache's wider mission. In short I am being asked to work long hours on technically demanding tasks in a dysfunctional environment. If I was being paid to do what I am doing now, then I would be seriously thinking about changing jobs -- and this is from a guy who spent 32 years working with the same company working to get to its top technical tier -- and also one who is now doing this work pro-bono. Oh my god. I am starting to get bored with your relentless tirades about how you are working so hard, and long hours. Join the frickin' club, you are by no means the only one who does this, and you certainly won't be the last. This is after all a volunteer organisation. In other words get off your high horse. Calm down, and please try to adjust to our way of working. Thus far we have essentially done what ever you have asked of us, regardless of how daft they sounded to us. Please don't keep rolling out how you have spent your working life, getting to the top of the pile. It's hardly a glowing reference, I mean EDS is hardly well known for it's quality of service. But this is my personal opinion. You know what, all you have managed to achieve in the past few weeks is get my back up with your petulant comments and side swipes at the infra team in general. Several of us how gone out of our way to provide you with answers to questions you had. I even explained something to you at great pain in IRC, only for you to ignore me. You basically lost me there. Why does everything seem to have to be molehill - mountain with you? If you can't take criticism or feedback, the infra group will feel like an over-bearing place to be, but we actually have the best of intentions. So, when you are ready to listen to what advice and feedback we have given you, and you stop throwing your tantrums - I for one would be willing to welcome you back so we can all move on and see some results. So we do have the means in terms of Oracle enabling, but we, the project, don't have the resources / expertise to step up to this. If I am still here in 3 months and this is still an outstanding issue, then I'll try to sort it out. Regards Terry On 01/09/11 20:59, Dennis E. Hamilton wrote: Um, so your answer is no? You do not have any means to deal with that mailing list issue on the live openoffice.org site? Any suggestions? - Dennis -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Thursday, September 01, 2011 12:04 To:dennis.hamil...@acm.org Cc:ooo-dev@incubator.apache.org Subject: Administrative controls / management of the mailing lists Dennis, As we've discussed previously there is almost a religious
Re: Fwd: openoffice.org not responding
HI--there still seems to be some issues...was OK early this am but now...VERY slow again. No idea what's going on. On 09/01/2011 09:30 AM, Andrew Rist wrote: On 8/31/2011 10:43 PM, Jürgen Schmidt wrote: On Wed, Aug 31, 2011 at 9:02 PM, Kay Schenkkay.sch...@gmail.com wrote: Hi Andrew-- On 08/31/2011 10:17 AM, Andrew Rist wrote: This is not related to the DNS transfer. That process has not yet begun, and appropriate warning will be given when it is. That transfer should painless when it occurs, as it will only involve changing the owner of the DNS entries, not the content of them. (looks like OOo kenai are back. I have not determined what the issue was, but it was not related to transfer of OOo or any decommissioning of the servers) well good news, but panic nonetheless. Maybe a wake-up call to get stuff moved (somewhere) as quickly as possible. Definitely a priority with me at the moment! :/ i still can't reach www.openoffice.org, api.openoffice.org or hg.services.openoffice.org, ... Juergen All three are up for me. I am guessing that the refresh on the DNS may have contributed to the problem. Andrew Andrew On 8/31/2011 5:05 AM, Dave Fisher wrote: Hi Andrew, It looks like openoffice.org is still down, odftoolkit.org is also down. It looks like all of Kenai is down. Is the dns transfer in flux, or wrong? Is there a wrong action on INFRA-3898? Please advise. Thanks, Dave Begin forwarded message: From: Simon Brouwersimon.o...@xs4all.nl Date: August 30, 2011 11:06:46 AM PDT To:ooo-dev@incubator.apache.**orgto%3aooo-...@incubator.apache.org Cc: Kay Schenkkay.sch...@gmail.com Subject: Re: openoffice.org not responding Reply-To:ooo-dev@incubator.**apache.orgreply-to%3aooo-...@incubator.apache.org Reply-To:simon.o...@xs4all.nl Hi Kay, nl.openoffice.org is up, but server response is really slow. I wanted to manage mailinglists since yesterday but had to give up getting timeout after timeout. Best regards Simon Op 30-8-2011 20:01, Kay Schenk schreef: Re Eike's post of about an hour ago. Does anyone know what's going on with openoffice.org orwww.openoffice.org. kenai.org is up but not openoffice.org. -- Vriendelijke groet, Simon Brouwer. |http://nl.openoffice.org |http://www.opentaal.org | -- Oracle Email Signature Logo Andrew Rist | Interoperability Architect Oracle Corporate Architecture Group Redwood Shores, CA | 650.506.9847 -- --**--** MzK Music expresses that which cannot be said and on which it is impossible to be silent. -- Victor Hugo -- MzK Music expresses that which cannot be said and on which it is impossible to be silent. -- Victor Hugo
Re: Administrative controls / management of the mailing lists
The problem isn't Gavin needs to cool off. The problem is Terry and Infra need to find a way to work together without constantly stepping on each other's toes. On Thu, 01 Sep 2011 18:33 -0400, Rob Weir robw...@apache.org wrote: You two are some of the smartest admins I know, and I've known a few. With mastery obviously comes strong opinions and equally strong working habits. This is probably the largest migration effort Apache has ever done. It is certainly a huge effort from OOo's perspective, since it is a technical, procedural and social change. We obviously really need both of your help in the coming days and weeks. Can we find a way to cool off rather than escalate? Tomorrow is another day. Thanks, -Rob On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au wrote: -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Friday, 2 September 2011 8:02 AM To: dennis.hamil...@acm.org Cc: ooo-dev@incubator.apache.org Subject: Re: Administrative controls / management of the mailing lists Dennis, The short answer is IMHO: that's correct -- No. As to the long one: ... Oracle stopped its major funding of OOo as a mainstream product for sound commercial reasons -- though this has resulted in personal consequences for a lot of people who worked on OOo and who no longer have a job. Now we've now got some services running unmanned, because the people have gone. We were lucky as far as the OOo wiki was concerned in that I was already providing expert support to the Oracle guy who ran the system, and I was able to step in with his active cooperation before he left the building. I believe that Oracle that wants to ensure a bumpless transfer to the Apache project wherever possible, and it will find the necessary mechanisms to grant project members who have the right technical skills and track record to take over these systems. Our main problem is that this list currently seems to contains one name -- mine, though there are others who could potentially step into this gap: for example Raphael, Kay and Drew. However we are all already working to our limits. Maybe we just need a cloning machine :( Once we have documentation in place, any infra person can jump in and help should the need arise. Quite honestly -- and I can only speak personally -- at the moment I feel that I am caught between a rock and a hard place. My work is time consuming and the skills are different to the mainstream C++ trained OOo developer, but they are also different to a pure sysAdmin. In some ways you need to be an expert in *both* these worlds and to be able to integrate this expertise. I am not talking about enthusiastic newbie volunteers; I am talking about hacks who have done this so many times that it's routine. Again this only my personal experience, but I feel that Apache is unwelcoming to newcomers and this seems to be an endemic culture, albeit strongly advocated by a few individuals. It is intolerant and often outrightly hostile to domains of expertise outside its comfort area -- even though these may be more relevant to the work and Apache's wider mission. In short I am being asked to work long hours on technically demanding tasks in a dysfunctional environment. Nobody is asking you to so anything, you are a volunteer, you can do zero hours if it pleases you, Your hours are governed by what you want to put in, not what anybody tells you to do. Please explain what you mean by dysfunctional? FWIW I've been bending over backwards trying to help you with infra stuff, but you are a stubborn old git who will not listen to how we do things around here. We have accommodated just about every need, every weird way you do things, now it is time for you to listen to us and fit in with us. I've been prepared to help you do this but then you just go and piss me off with outlandish emails like this one. If I was being paid to do what I am doing now, then I would be seriously thinking about changing jobs -- and this is from a guy who spent 32 years working with the same company working to get to its top technical tier -- and also one who is now doing this work pro-bono. This is a volunteer organisation, guess what, you are not the only person here doing work for nothing. Please do not yet again spout off your credentials or your countless millions of hours spent on this, we KNOW, we are very grateful but I am getting tired of you always shoving it in our face as an excuse for us to have to bow down and do it the Terry way. We are not stupid, do not treat us as stupid. You are not stupid, we know that. We are not here to piss you off, but you seem to trying very hard to do that to me at least. Now, quit the jibes and learn to do things in a way that will please us
Re: draft blog post on the Linux build education event
On 09/01/2011 01:53 PM, Rob Weir wrote: On Thu, Sep 1, 2011 at 3:40 PM, Manfred A. Reiterma.rei...@gmail.com wrote: thanks for the link. it works fine. blog looks nice and we will what happens next wednesday ;-) It will be interesting. I just did a fresh install of Ubuntu 11.04, totally default, virgin, no extra apt-get's. I'll do the install on that, to make sure we have a good list of what would need to be done to a clean install. LOVELY! :) M. 2011/9/1 Rob Weirrobw...@apache.org: On Thu, Sep 1, 2011 at 1:50 PM, Joe Schaeferjoe_schae...@yahoo.com wrote: http://www.apache.org/dev/blogs.html describes the (public) preview url for blog articles. Thanks for the hint, Joe. If I understood it correctly, this version should be viewable. It works for me, but you never know when persistent cookies are playing tricks with you. http://blogs.apache.org/preview/OOo/?previewEntry=apache_openoffice_org_developer_education -Rob -- MzK Music expresses that which cannot be said and on which it is impossible to be silent. -- Victor Hugo
Re: Administrative controls / management of the mailing lists
On Thu, Sep 1, 2011 at 6:45 PM, Daniel Shahaf d...@daniel.shahaf.name wrote: The problem isn't Gavin needs to cool off. The problem is Terry and Infra need to find a way to work together without constantly stepping on each other's toes. Fnding this way to work together will be easier if we all step back and cool off. Escalating insults has a way of reaching a point of no return. We should try to avoid that. I'm not pointing fingers at anyone. -Rob On Thu, 01 Sep 2011 18:33 -0400, Rob Weir robw...@apache.org wrote: You two are some of the smartest admins I know, and I've known a few. With mastery obviously comes strong opinions and equally strong working habits. This is probably the largest migration effort Apache has ever done. It is certainly a huge effort from OOo's perspective, since it is a technical, procedural and social change. We obviously really need both of your help in the coming days and weeks. Can we find a way to cool off rather than escalate? Tomorrow is another day. Thanks, -Rob On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au wrote: -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Friday, 2 September 2011 8:02 AM To: dennis.hamil...@acm.org Cc: ooo-dev@incubator.apache.org Subject: Re: Administrative controls / management of the mailing lists Dennis, The short answer is IMHO: that's correct -- No. As to the long one: ... Oracle stopped its major funding of OOo as a mainstream product for sound commercial reasons -- though this has resulted in personal consequences for a lot of people who worked on OOo and who no longer have a job. Now we've now got some services running unmanned, because the people have gone. We were lucky as far as the OOo wiki was concerned in that I was already providing expert support to the Oracle guy who ran the system, and I was able to step in with his active cooperation before he left the building. I believe that Oracle that wants to ensure a bumpless transfer to the Apache project wherever possible, and it will find the necessary mechanisms to grant project members who have the right technical skills and track record to take over these systems. Our main problem is that this list currently seems to contains one name -- mine, though there are others who could potentially step into this gap: for example Raphael, Kay and Drew. However we are all already working to our limits. Maybe we just need a cloning machine :( Once we have documentation in place, any infra person can jump in and help should the need arise. Quite honestly -- and I can only speak personally -- at the moment I feel that I am caught between a rock and a hard place. My work is time consuming and the skills are different to the mainstream C++ trained OOo developer, but they are also different to a pure sysAdmin. In some ways you need to be an expert in *both* these worlds and to be able to integrate this expertise. I am not talking about enthusiastic newbie volunteers; I am talking about hacks who have done this so many times that it's routine. Again this only my personal experience, but I feel that Apache is unwelcoming to newcomers and this seems to be an endemic culture, albeit strongly advocated by a few individuals. It is intolerant and often outrightly hostile to domains of expertise outside its comfort area -- even though these may be more relevant to the work and Apache's wider mission. In short I am being asked to work long hours on technically demanding tasks in a dysfunctional environment. Nobody is asking you to so anything, you are a volunteer, you can do zero hours if it pleases you, Your hours are governed by what you want to put in, not what anybody tells you to do. Please explain what you mean by dysfunctional? FWIW I've been bending over backwards trying to help you with infra stuff, but you are a stubborn old git who will not listen to how we do things around here. We have accommodated just about every need, every weird way you do things, now it is time for you to listen to us and fit in with us. I've been prepared to help you do this but then you just go and piss me off with outlandish emails like this one. If I was being paid to do what I am doing now, then I would be seriously thinking about changing jobs -- and this is from a guy who spent 32 years working with the same company working to get to its top technical tier -- and also one who is now doing this work pro-bono. This is a volunteer organisation, guess what, you are not the only person here doing work for nothing. Please do not yet again spout off your credentials or your countless millions of hours spent on this, we KNOW, we are very grateful but I am getting tired of you always shoving it in our face as an excuse
Re: Administrative controls / management of the mailing lists
Some concrete possible ways forward: * Terry and Infra work together, migration continues, Terry sets up the service and documents it alongside all the other Infra services. * Infra assumes responsibility for the services and the migration. * Infra sets up a VM and tells the PPMC to assume responsibility for the rest. Infra has oversight and access to all VMs, though. * The PPMC finds a solution that doesn't involve Infra. (eg, Board budget to pay for external hosting) On Fri, 02 Sep 2011 01:45 +0300, Daniel Shahaf d...@daniel.shahaf.name wrote: The problem isn't Gavin needs to cool off. The problem is Terry and Infra need to find a way to work together without constantly stepping on each other's toes. On Thu, 01 Sep 2011 18:33 -0400, Rob Weir robw...@apache.org wrote: You two are some of the smartest admins I know, and I've known a few. With mastery obviously comes strong opinions and equally strong working habits. This is probably the largest migration effort Apache has ever done. It is certainly a huge effort from OOo's perspective, since it is a technical, procedural and social change. We obviously really need both of your help in the coming days and weeks. Can we find a way to cool off rather than escalate? Tomorrow is another day. Thanks, -Rob On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au wrote: -Original Message- From: Terry Ellison [mailto:te...@ellisons.org.uk] Sent: Friday, 2 September 2011 8:02 AM To: dennis.hamil...@acm.org Cc: ooo-dev@incubator.apache.org Subject: Re: Administrative controls / management of the mailing lists Dennis, The short answer is IMHO: that's correct -- No. As to the long one: ... Oracle stopped its major funding of OOo as a mainstream product for sound commercial reasons -- though this has resulted in personal consequences for a lot of people who worked on OOo and who no longer have a job. Now we've now got some services running unmanned, because the people have gone. We were lucky as far as the OOo wiki was concerned in that I was already providing expert support to the Oracle guy who ran the system, and I was able to step in with his active cooperation before he left the building. I believe that Oracle that wants to ensure a bumpless transfer to the Apache project wherever possible, and it will find the necessary mechanisms to grant project members who have the right technical skills and track record to take over these systems. Our main problem is that this list currently seems to contains one name -- mine, though there are others who could potentially step into this gap: for example Raphael, Kay and Drew. However we are all already working to our limits. Maybe we just need a cloning machine :( Once we have documentation in place, any infra person can jump in and help should the need arise. Quite honestly -- and I can only speak personally -- at the moment I feel that I am caught between a rock and a hard place. My work is time consuming and the skills are different to the mainstream C++ trained OOo developer, but they are also different to a pure sysAdmin. In some ways you need to be an expert in *both* these worlds and to be able to integrate this expertise. I am not talking about enthusiastic newbie volunteers; I am talking about hacks who have done this so many times that it's routine. Again this only my personal experience, but I feel that Apache is unwelcoming to newcomers and this seems to be an endemic culture, albeit strongly advocated by a few individuals. It is intolerant and often outrightly hostile to domains of expertise outside its comfort area -- even though these may be more relevant to the work and Apache's wider mission. In short I am being asked to work long hours on technically demanding tasks in a dysfunctional environment. Nobody is asking you to so anything, you are a volunteer, you can do zero hours if it pleases you, Your hours are governed by what you want to put in, not what anybody tells you to do. Please explain what you mean by dysfunctional? FWIW I've been bending over backwards trying to help you with infra stuff, but you are a stubborn old git who will not listen to how we do things around here. We have accommodated just about every need, every weird way you do things, now it is time for you to listen to us and fit in with us. I've been prepared to help you do this but then you just go and piss me off with outlandish emails like this one. If I was being paid to do what I am doing now, then I would be seriously thinking about changing jobs -- and this is from a guy who spent 32 years working with the same company working to get to its top technical tier -- and
RE: An invitation to committers to the OOo Community Forums
We have not had the bad-behavior/HR-type problems that would require the PPMC to have private discussion. I do believe that it is one of the PPMC responsibilities however. A dispute between users here, or a complaint to the PPMC about user conduct would likely be handled on ooo-private. From the PMC guide, http://www.apache.org/dev/pmc.html, All PMCs SHALL restrict their communication on private mailing lists to ONLY issues that cannot be discussed in public *such* *as*: [*emphasis* mine] * re-disclosure of security problems * pre-agreement discussions with third parties that require confidentiality * nominees for project, project committee or Foundation membership * **personal** *conflicts* among project personnel - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 13:40 To: ooo-dev@incubator.apache.org Subject: Re: An invitation to committers to the OOo Community Forums On Thu, Sep 1, 2011 at 4:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: This should really be on its own thread as Terry requested. In any case, I believe the private forums are for roughly the same reasons that the PPMC list is private. The administrators address disputes, deal with bad behavior, etc. But that fact is we don't use ooo-private for that kind of thing. You know that. We've never, ever discussed a bad behavior, dealt with disputes, etc., on ooo-private.We resolve disputes here, on ooo-dev, in full public view. Why would you suggest that we have ever done otherwise? I notice that moderator actions on lists here are not dealt with transparently and why should they be? We don't even know who the moderators are, in general, especially for lists created before there were any lists on which to learn such things. We don't do moderation in the sense that the forums do. We don't hold back posts that are off-topic, that are showing bad behavior, etc. That is not what list moderators do. All we really do is catch posts that come from non-subscribers and do a quick glance to see if they are spam. If not, we let them through.If you read Drew's description of how the forums are dealing with moderation, it sounds like they have a much more intense, secret, deliberative process around moderation. I believe this is similar, in that there are moderation privileges and a place for those with such privileges to discuss matters in private. If not there already, it would be easy to have a public forum in each cluster for issues about the forum itself. There still needs a private means of communication on what are sensitive matters, in the current live system and any counterpart under Apache auspices. We have such a method, if it were needed. It is called ooo-private. If we think that 30 private forums are needed in order to discuss bad behavior in support posts (3 forums per each of 10 languages) then I think we're doing support moderation wrong. -Rob - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 12:59 To: ooo-dev@incubator.apache.org Subject: Re: An invitation to committers to the OOo Community Forums On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote: On 01/09/11 20:14, Rob Weir wrote: On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss policy on the governance of the forums from within this DL or ooo-private. I also recall some of your previous comments which indicate that these people (who have committed hundreds if not thousands of hours to supporting this service) do not merit committer status unless they have a wider engagement in the project, and they are therefore excluded from any ooo-private discussions. Yet, it seems to me that it is entirely reasonable that anyone contributing to this discussion should at least have a working knowledge of how the forums operate in practice and currently govern themselves. So I do think it necessary as well. This is incorrect. We're obviously discussing the policy on the public list. We have not discussed
RE: Request dev help: Info for required crypto export declaration
From http://www.apache.org/dev/crypto.html top of page, Overview, second paragraph: PMCs considering including cryptographic functionality within their products or specially designing their products to use other software with cryptographic functionality should take the following steps *before* placing such code on any ASF server, including commits to subversion [*emphasis* mine] From http://incubator.apache.org/guides/mentor.html#crypto-audit Before the code base is committed into an Apache repository, the contribution MUST be checked and any restricted cryptography reported appropriately. -Original Message- From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com] Sent: Thursday, September 01, 2011 14:01 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Technically, this was to have been resolved before the code was put up on SVN. We need to audit specifically for this rather quickly, and including the places that Rob also identified (import-export filters and http TLS). I definitely recommend a full crypto audit but IIRC it's not necessary before sending the initial notification. AIUI (from [1] and [2]) all that's needed is a list of the cryptographic libraries used by OOo. If the results of the full audit differ then we can just update the details and send an updated notification. Robert [1] http://www.apache.org/dev/crypto.html#sources [2] http://www.apache.org/licenses/exports/
Re: Apache OpenOffice.org Developer Education: Building on Linux
On 9/1/2011 18:52, Rob Weir wrote: The blog post is up: https://blogs.apache.org/OOo/entry/apache_openoffice_org_developer_education Please pass along the info wherever you think it would find interest. I've stuck it on Twitter, Facebook and Google Plus. Are there any legacy OOo lists where there might be interest? -Rob dev@oo.o immediately comes to mind: d...@openoffice.org -- /tj/
Re: Apache OpenOffice.org Developer Education: Building on Linux
This is what we had in http://education.openoffice.org including the classrooms. There is also the getting started guide for development. Please have a look on the wiki. http://wiki.services.openoffice.org/wiki/Education_Project/Effort On Thu, Sep 1, 2011 at 5:52 PM, Rob Weir apa...@robweir.com wrote: The blog post is up: https://blogs.apache.org/OOo/entry/apache_openoffice_org_developer_education Please pass along the info wherever you think it would find interest. I've stuck it on Twitter, Facebook and Google Plus. Are there any legacy OOo lists where there might be interest? -Rob -- *Alexandro Colorado* *OpenOffice.org* Español http://es.openoffice.org fingerprint: E62B CF77 1BEA 0749 C0B8 50B9 3DE6 A84A 68D0 72E6
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 7:01 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: From http://www.apache.org/dev/crypto.html top of page, Overview, second paragraph: PMCs considering including cryptographic functionality within their products or specially designing their products to use other software with cryptographic functionality should take the following steps *before* placing such code on any ASF server, including commits to subversion [*emphasis* mine] From http://incubator.apache.org/guides/mentor.html#crypto-audit Before the code base is committed into an Apache repository, the contribution MUST be checked and any restricted cryptography reported appropriately. Yup. We did this in the wrong order. Nothing we can do about that now. I hope to get to this soon, but probably not until the weekend at earliest. If you (or anyone else) have cycles earlier, feel free to grab this task. I don't mean to be sitting on it if someone else can act sooner. -Rob -Original Message- From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com] Sent: Thursday, September 01, 2011 14:01 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: Technically, this was to have been resolved before the code was put up on SVN. We need to audit specifically for this rather quickly, and including the places that Rob also identified (import-export filters and http TLS). I definitely recommend a full crypto audit but IIRC it's not necessary before sending the initial notification. AIUI (from [1] and [2]) all that's needed is a list of the cryptographic libraries used by OOo. If the results of the full audit differ then we can just update the details and send an updated notification. Robert [1] http://www.apache.org/dev/crypto.html#sources [2] http://www.apache.org/licenses/exports/
Re: An invitation to committers to the OOo Community Forums
On Thu, Sep 1, 2011 at 7:01 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: We have not had the bad-behavior/HR-type problems that would require the PPMC to have private discussion. I do believe that it is one of the PPMC responsibilities however. A dispute between users here, or a complaint to the PPMC about user conduct would likely be handled on ooo-private. From the PMC guide, http://www.apache.org/dev/pmc.html, All PMCs SHALL restrict their communication on private mailing lists to ONLY issues that cannot be discussed in public *such* *as*: [*emphasis* mine] * re-disclosure of security problems * pre-agreement discussions with third parties that require confidentiality * nominees for project, project committee or Foundation membership * **personal** *conflicts* among project personnel But that is not what we're talking about on the support forums, right? 1) users on the forum are not project personnel and 2) the moderators are discussing posts not personal conflicts and 3) The persons having the conflicts are not involved in the private discussions. Of course, if support moderators themselves get involved in personal conflicts that need discussion, then by all means bring that to ooo-private. I don't think there is a legitimate place in a project for one group of people to talk about a different person, in a restricted list, without checks and balances provided by the PPMC/Mentor oversight of lists like ooo-private. -Rob - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 13:40 To: ooo-dev@incubator.apache.org Subject: Re: An invitation to committers to the OOo Community Forums On Thu, Sep 1, 2011 at 4:29 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: This should really be on its own thread as Terry requested. In any case, I believe the private forums are for roughly the same reasons that the PPMC list is private. The administrators address disputes, deal with bad behavior, etc. But that fact is we don't use ooo-private for that kind of thing. You know that. We've never, ever discussed a bad behavior, dealt with disputes, etc., on ooo-private. We resolve disputes here, on ooo-dev, in full public view. Why would you suggest that we have ever done otherwise? I notice that moderator actions on lists here are not dealt with transparently and why should they be? We don't even know who the moderators are, in general, especially for lists created before there were any lists on which to learn such things. We don't do moderation in the sense that the forums do. We don't hold back posts that are off-topic, that are showing bad behavior, etc. That is not what list moderators do. All we really do is catch posts that come from non-subscribers and do a quick glance to see if they are spam. If not, we let them through. If you read Drew's description of how the forums are dealing with moderation, it sounds like they have a much more intense, secret, deliberative process around moderation. I believe this is similar, in that there are moderation privileges and a place for those with such privileges to discuss matters in private. If not there already, it would be easy to have a public forum in each cluster for issues about the forum itself. There still needs a private means of communication on what are sensitive matters, in the current live system and any counterpart under Apache auspices. We have such a method, if it were needed. It is called ooo-private. If we think that 30 private forums are needed in order to discuss bad behavior in support posts (3 forums per each of 10 languages) then I think we're doing support moderation wrong. -Rob - Dennis -Original Message- From: Rob Weir [mailto:robw...@apache.org] Sent: Thursday, September 01, 2011 12:59 To: ooo-dev@incubator.apache.org Subject: Re: An invitation to committers to the OOo Community Forums On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote: On 01/09/11 20:14, Rob Weir wrote: On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote: OK, Rob, I now understand your point. I will do as you request. However, it seems to me that by making this request you are creating an interesting catch-22: I far as I can see there are two facets to this invitation. * *Sufficiency*. These forums are closed because this gives the attendees freedom to discuss matters (such as individual poster behaviour) that shouldn't be discussed on a public forum. We only invite trusted forum members to join these lists. (That's is that they've demonstrated that they are responsible and have built up a body of karma with their forum contributions.) I would have thought that being elected a committer could reasonably be deemed to be sufficient to show such trust. * *Necessity*. You seem to want to discuss
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote: Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. I'm confused, how is that a 'misapprehension' exactly ? Are you concerned about compliance with http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109 ? if not, why not ? are you under the misapprehension that since [you] are not in [France], the regulation is irrelevant. ? Norbert
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com wrote: On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote: Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. I'm confused, how is that a 'misapprehension' exactly ? Are you concerned about compliance with http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109 ? if not, why not ? are you under the misapprehension that since [you] are not in [France], the regulation is irrelevant. ? You should take a look at the Wassenaar convention. There is a lot more similarity than you might think between French and US requirements. The diligence you do to satisfy US regulations will also help you with the regulations in any other countries you, or your users, need to work with. http://www.wassenaar.org/ Norbert
RE: Request dev help: Info for required crypto export declaration
I think Article 32 is of particular interest in the case of OpenOffice.org distributions in France. It would appear that compliance with Article 30 is not difficult, since source code is available in all cases. It would be interesting to find out if the Apache process for declaring cryptographic provisions would be acceptable to the Prime Minister without further ceremony. It might be useful for us to package notice of where the details are found in future distributions so users could be aware that local conditions may apply to their use of such provisions. However, I think it is likely that, so long as the LibreOffice download sites are not in the US there is not an issue for TDF. If there are LibreOffice mirrors in the US, that might be reason for concern by the operators of the mirrors. But we don't get to resolve any of that here. It is clear that to be an Apache Software Foundation project, the US requirements must be satisfied in the manner specified by the ASF. - Dennis -Original Message- From: Norbert Thiebaud [mailto:nthieb...@gmail.com] Sent: Thursday, September 01, 2011 18:38 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote: Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. I'm confused, how is that a 'misapprehension' exactly ? Are you concerned about compliance with http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109 ? if not, why not ? are you under the misapprehension that since [you] are not in [France], the regulation is irrelevant. ? Norbert
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 10:18 PM, Dennis E. Hamilton dennis.hamil...@acm.org wrote: I think Article 32 is of particular interest in the case of OpenOffice.org distributions in France. It would appear that compliance with Article 30 is not difficult, since source code is available in all cases. It would be interesting to find out if the Apache process for declaring cryptographic provisions would be acceptable to the Prime Minister without further ceremony. It might be useful for us to package notice of where the details are found in future distributions so users could be aware that local conditions may apply to their use of such provisions. However, I think it is likely that, so long as the LibreOffice download sites are not in the US there is not an issue for TDF. If there are LibreOffice mirrors in the US, that might be reason for concern by the operators of the mirrors. But we don't get to resolve any of that here. It is clear that to be an Apache Software Foundation project, the US requirements must be satisfied in the manner specified by the ASF. But I think that misses the real value of having this paperwork clean and readily available. It isn't really about OpenOffice or LibreOffice end users. And it really isn't about Apache or The Document Foundation. Yes, it is partially about them. But the real point of doing this and doing it well, is to make it possible for others (not Apache and not end users or direct downloads) to distribute/export Apache code. It is to allow Apache modules to be embedded in other applications and then exported. It is to allow OpenOffice.org to be pre-installed on a hardware vendor's laptops and then exported. Pure open source gets off easy in the regulation this days. The government realizes that the code is out there and they accept that. But commercial software vendors and hardware vendors still feel the full weight of these regulations. Having open source components that have their export control paperwork in order makes their lives much easier, and helps the underlying open source software get used more, which in turn may drive more corporate-sponsored developers into the project, more opportunities for consultants, etc. It is part of making OSS easy to consume. It is a win-win situation. -Rob - Dennis -Original Message- From: Norbert Thiebaud [mailto:nthieb...@gmail.com] Sent: Thursday, September 01, 2011 18:38 To: ooo-dev@incubator.apache.org Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote: Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. I'm confused, how is that a 'misapprehension' exactly ? Are you concerned about compliance with http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109 ? if not, why not ? are you under the misapprehension that since [you] are not in [France], the regulation is irrelevant. ? Norbert
Re: Apache OpenOffice.org Developer Education: Building on Linux
I'm interested in lending a hand where I can, as I've been able to get OOo to build on Linux (64bit).. On Thu, Sep 1, 2011 at 6:04 PM, Alexandro Colorado j...@openoffice.orgwrote: This is what we had in http://education.openoffice.org including the classrooms. There is also the getting started guide for development. Please have a look on the wiki. http://wiki.services.openoffice.org/wiki/Education_Project/Effort On Thu, Sep 1, 2011 at 5:52 PM, Rob Weir apa...@robweir.com wrote: The blog post is up: https://blogs.apache.org/OOo/entry/apache_openoffice_org_developer_education Please pass along the info wherever you think it would find interest. I've stuck it on Twitter, Facebook and Google Plus. Are there any legacy OOo lists where there might be interest? -Rob -- *Alexandro Colorado* *OpenOffice.org* Español http://es.openoffice.org fingerprint: E62B CF77 1BEA 0749 C0B8 50B9 3DE6 A84A 68D0 72E6 -- --Matt
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 8:57 PM, Rob Weir robw...@apache.org wrote: On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com wrote: On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote: Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. I'm confused, how is that a 'misapprehension' exactly ? Are you concerned about compliance with http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109 ? if not, why not ? are you under the misapprehension that since [you] are not in [France], the regulation is irrelevant. ? You should take a look at the Wassenaar convention. There is a lot more similarity than you might think between French and US requirements. You're missing the point. The point is: it makes a lot of sens of Apache, being legally established in the US, to comply with the export regulation of its host country... but claiming that not paying attention to US regulation for a non-US-based entity is a 'misapprehension' does not make much sens to me. 'France' here was just a convenient example to illustrate the fallacy of the argument. one could find hundreds of jurisdictions with each their own hoops and quirks... most likely some of them contradicting each others. The diligence you do to satisfy US regulations will also help you with the regulations in any other countries you, or your users, need to work with. The French term that best describe this vision of the world is 'nombrilism' (I'm afraid the english translation doesn't quite does it justice.. too literal, doesn't carry the larger meaning, I think) Norbert
Re: Request dev help: Info for required crypto export declaration
On Thu, Sep 1, 2011 at 10:55 PM, Norbert Thiebaud nthieb...@gmail.com wrote: On Thu, Sep 1, 2011 at 8:57 PM, Rob Weir robw...@apache.org wrote: On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com wrote: On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote: Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. I'm confused, how is that a 'misapprehension' exactly ? Are you concerned about compliance with http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109 ? if not, why not ? are you under the misapprehension that since [you] are not in [France], the regulation is irrelevant. ? You should take a look at the Wassenaar convention. There is a lot more similarity than you might think between French and US requirements. You're missing the point. The point is: it makes a lot of sens of Apache, being legally established in the US, to comply with the export regulation of its host country... but claiming that not paying attention to US regulation for a non-US-based entity is a 'misapprehension' does not make much sens to me. 'France' here was just a convenient example to illustrate the fallacy of the argument. one could find hundreds of jurisdictions with each their own hoops and quirks... most likely some of them contradicting each others. You should read my response to Dennis. I think you miss the entire point of why this paperwork is important. It has almost zero to do with where your webserver is. That is maybe 5% of the significance of the paperwork. If that is all you see, then you are missing most of the big picture. This is about making the software consumable for repackaging and redistribution by large hardware and software distributors, who -- like it or not -- tend to be American, not French. If you are thinking only of end users downloading the software from your LO webserver in Germany (or wherever it is), then you are missing the vast majority of the consumer, public sector, academic and enterprise markets. The diligence you do to satisfy US regulations will also help you with the regulations in any other countries you, or your users, need to work with. The French term that best describe this vision of the world is 'nombrilism' (I'm afraid the english translation doesn't quite does it justice.. too literal, doesn't carry the larger meaning, I think) Norbert
Re: Request dev help: Info for required crypto export declaration
Off-topic. Please drop this line of inquiry and return to the Subject of this thread, which is about determining required info for the crypto export declaration. From: Rob Weir robw...@apache.org To: ooo-dev@incubator.apache.org Sent: Thursday, September 1, 2011 11:07 PM Subject: Re: Request dev help: Info for required crypto export declaration On Thu, Sep 1, 2011 at 10:55 PM, Norbert Thiebaud nthieb...@gmail.com wrote: On Thu, Sep 1, 2011 at 8:57 PM, Rob Weir robw...@apache.org wrote: On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com wrote: On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote: Looks like LO discussed it briefly [4], but dismissed it under the misapprehension that since they are not in the US, the regulation is irrelevant. I'm confused, how is that a 'misapprehension' exactly ? Are you concerned about compliance with http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109 ? if not, why not ? are you under the misapprehension that since [you] are not in [France], the regulation is irrelevant. ? You should take a look at the Wassenaar convention. There is a lot more similarity than you might think between French and US requirements. You're missing the point. The point is: it makes a lot of sens of Apache, being legally established in the US, to comply with the export regulation of its host country... but claiming that not paying attention to US regulation for a non-US-based entity is a 'misapprehension' does not make much sens to me. 'France' here was just a convenient example to illustrate the fallacy of the argument. one could find hundreds of jurisdictions with each their own hoops and quirks... most likely some of them contradicting each others. You should read my response to Dennis. I think you miss the entire point of why this paperwork is important. It has almost zero to do with where your webserver is. That is maybe 5% of the significance of the paperwork. If that is all you see, then you are missing most of the big picture. This is about making the software consumable for repackaging and redistribution by large hardware and software distributors, who -- like it or not -- tend to be American, not French. If you are thinking only of end users downloading the software from your LO webserver in Germany (or wherever it is), then you are missing the vast majority of the consumer, public sector, academic and enterprise markets. The diligence you do to satisfy US regulations will also help you with the regulations in any other countries you, or your users, need to work with. The French term that best describe this vision of the world is 'nombrilism' (I'm afraid the english translation doesn't quite does it justice.. too literal, doesn't carry the larger meaning, I think) Norbert
Re: draft blog post on the Linux build education event
A little late here, and a trivial observation, but this type of statement really jerks my chain, because it is so Northern-Hemisphere specific: It is September. Time for cooler weather and time to go back to school (Watching the temperatures and humidity rise inexorably towards summer makes me grumpy. It is so easy to avoid this kind of stuff.) --Jean (in tropical Australia)
Re: draft blog post on the Linux build education event
Seems to me all that's needed is a regional qualifier. Blogs aren't written in stone, it is easy enough to make minor edits to them post-publication (but do take better advantage of the pre-publication public url I mentioned earlier for peer review of articles.) From: Jean Weber jeanwe...@gmail.com To: ooo-dev@incubator.apache.org Sent: Thursday, September 1, 2011 11:18 PM Subject: Re: draft blog post on the Linux build education event A little late here, and a trivial observation, but this type of statement really jerks my chain, because it is so Northern-Hemisphere specific: It is September. Time for cooler weather and time to go back to school (Watching the temperatures and humidity rise inexorably towards summer makes me grumpy. It is so easy to avoid this kind of stuff.) --Jean (in tropical Australia)
Re: draft blog post on the Linux build education event
On Fri, Sep 2, 2011 at 13:24, Joe Schaefer joe_schae...@yahoo.com wrote: Seems to me all that's needed is a regional qualifier. Blogs aren't written in stone, it is easy enough to make minor edits to them post-publication (but do take better advantage of the pre-publication public url I mentioned earlier for peer review of articles.) If things didn't happen while I was asleep (or out of Internet range), I might find time to to read pre-publication blog articles. But often I wouldn't find time to get to it until too late anyway. --Jean From: Jean Weber jeanwe...@gmail.com To: ooo-dev@incubator.apache.org Sent: Thursday, September 1, 2011 11:18 PM Subject: Re: draft blog post on the Linux build education event A little late here, and a trivial observation, but this type of statement really jerks my chain, because it is so Northern-Hemisphere specific: It is September. Time for cooler weather and time to go back to school (Watching the temperatures and humidity rise inexorably towards summer makes me grumpy. It is so easy to avoid this kind of stuff.) --Jean (in tropical Australia)
Re: draft blog post on the Linux build education event
Good point Jean! Things need to happen a bit more deliberately with respect to posting blog articles next time round, but as I said it's still not too late to fix this one. Someone just has to do it. From: Jean Weber jeanwe...@gmail.com To: ooo-dev@incubator.apache.org; Joe Schaefer joe_schae...@yahoo.com Sent: Thursday, September 1, 2011 11:53 PM Subject: Re: draft blog post on the Linux build education event On Fri, Sep 2, 2011 at 13:24, Joe Schaefer joe_schae...@yahoo.com wrote: Seems to me all that's needed is a regional qualifier. Blogs aren't written in stone, it is easy enough to make minor edits to them post-publication (but do take better advantage of the pre-publication public url I mentioned earlier for peer review of articles.) If things didn't happen while I was asleep (or out of Internet range), I might find time to to read pre-publication blog articles. But often I wouldn't find time to get to it until too late anyway. --Jean From: Jean Weber jeanwe...@gmail.com To: ooo-dev@incubator.apache.org Sent: Thursday, September 1, 2011 11:18 PM Subject: Re: draft blog post on the Linux build education event A little late here, and a trivial observation, but this type of statement really jerks my chain, because it is so Northern-Hemisphere specific: It is September. Time for cooler weather and time to go back to school (Watching the temperatures and humidity rise inexorably towards summer makes me grumpy. It is so easy to avoid this kind of stuff.) --Jean (in tropical Australia)
Re: draft blog post on the Linux build education event
2011/9/1 Manfred A. Reiter ma.rei...@gmail.com: blog looks nice and we will what happens next wednesday Put the word see into the sentence above, where it belongs ;-)
Re: An invitation to committers to the OOo Community Forums
On 02/09/11 00:46, Shane Curcuru wrote: Separately from how moderation is done and separately from the issue that many traditional participants/contributors to a lot of OOo areas are non-english speakers, I just wanted to mention an additional factor about mailing list norms at Apache. For community-focused lists, we should aim to have fewer lists rather than more. Why? Because splitting lists and having discussions happening in various different places tends to split part of the active community. Having a single ooo-dev@ list here can seem like there's a lot of traffic on it (which there is!). But even if when people skip threads that aren't of immediate interest to them, everyone has a chance to see all the discussions happening. Having all the different discussions on the same list ensure that everyone can stay on the same page, and see where the active community of contributors is moving. With multiple different lists running a single community, not only can specific decisions not be well communicated to the other lists, but the community sense is much harder to keep synchronized on multiple lists versus a single list. Note that it *is* appropriate to have multiple lists for different functions or primary sets of participants - so I do expect that there will be an ooo-user@ list, etc. Does that make some sense? It's part of why it's a better idea to transition project management into a few discrete lists here at @apache.org, rather than leaving project decision making in a variety of different places. - Shane NOTE: The above being said, I definitely see wisdom in Terry's comment earlier in the thread about B) an evolutionary one: ... in terms of making changes to existing forum management processes in careful and well-communicated steps, instead of simply forcing changes in the immediate term. Shane there are some intrinsic differences between a DL and posting into a forum. However, reading this entire thread I get the feeling that some of the current practices on the forum may be unacceptable to Apache / the project. However in this case, I would suggest that: 1) we adopt an evolutionary approach -- that is get the forums moved and then make any changes. 2) we constitute a small group with forum experience *and* ASF experience do a specific task of reviewing current practices against Apache norms and practices, then draft some change guidelines for feeding to the forums, and an impact assessment of their implementation. We can then feed them into the ooo-dev list for comment and if needed vote on their adoption. This would address such issue as: (i) Do we allow the forum moderators use the forum itself to discuss forum management or must this be done on ooo-dev (ii) Do we permit the NL forum moderators to use their own NL for this or are we insisting that this is done in English? (iii) Do we permit the use of a closed access forum / DL for discussing forum conduct? I have my own opinions on the consequences of some of these points, for example, many NL moderators / volunteers have poor working use of English; many moderators would be unwilling to discuss moderation issues for establish consensus if this had to be done in public. My feeling is that if we choose to forced them to work this way then we will lose many of our moderators / forum contributors who answer most of the Qs. But let us at least draft this guideline and vote on it before executing. I will post a synopsis of this thread to the forums and ask them to comment back here.