date:20110901

I moved my site directory tree on ooo-forums.apache.org last night.  
(This is the ~80 files that need to be put under svn, and that enable 
the site-customised forum configuration to be rebuild by one of the 
scripts in site/scripts and the phpBB tarballs that it pulls from the 
phpBB repository.)  We still have to finalise where this repository 
location will be.


It then took me ~40 mins to do a scripted rebuild bringing the forums up 
to phpBB v3.0.9 (current).  This included pulling the latest forum 
backup from user.services.openoffice.org and restoring this into the 
local application. So if you look at http://ooo-forums.apache.org/ today 
then you will now see that it's running the latest version of phpBB with 
a clone of yesterday's live forum content.


I still have some regression tests to do and some temporary D/B tweaks 
for this version (e.g. the forums are configured as 
user.services.openoffice.org and not ooo-forums.apache.org and this 
mucks up cookies), but it broadly looks as if we will be good to do.


The work for the live cut-over will take about 30mins, with most of this 
is network transfer and loading and reanalyzing databases.  I will 
coordinate a timeline with Andrew and come back with an update.  
Unfortunately, we will still need a nominal 24hr service outage for 
cut-over because of DNS propagation ripple.


Regards to all
Terry

draft blog post on the Linux build education event

https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education

Are the homework items correct?  Anything else participants should prepare?

Note also I'm framing this as one of a series of Developer Education
Events.  We might want to think of this more broadly as well.  Would
it make sense, for example, for translators, or doc or support, or
other areas of the project to also plan on outreach/education events
like this, to encourage new volunteers to get involved with AOOo.

-Rob

Re: Who wants to build OpenOffice?

2011-09-01 Thread Marc-Oliver Straub


I switched to gcc44, and get the following build error:
Entering /tmp/apache_oo/svn_clean/ooo/main/xml2cmp/source/finder

Compiling: xml2cmp/source/finder/dependy.cxx
/tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/bin/makedepend: error 
while loading shared libraries: 
/tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6: 
file too short

dmake:  Error code 127, while making '../../unxlngx6.pro/obj/dependy.obj'
dmake:  '../../unxlngx6.pro/obj/dependy.obj' removed.

$ file 
/tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6 

/tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6: 
ASCII text
$ cat 
/tmp/apache_oo/svn_clean/ooo/main/solver/340/unxlngx6.pro/lib/libstdc++.so.6 


INPUT ( -lstdc++_nonshared /usr/lib64/libstdc++.so.6 )

Any ideas?

Thanks, Oli

On 9/1/2011 12:06 PM, Marc-Oliver Straub wrote:

Seems like a bug in the slist header comping with gcc 4.1.2 on RHEL5.6.
Comparing RHEL56 gcc 4.4.4 slist with gcc 4.1.2 slist, I noticed 
that the 4.4.4 version contains additional using statements:

  using std::__true_type;
  using std::__false_type;

Can others please check whether their gcc 4.1.2 headers contain these 
statements? Is this a RedHat problem? Is this a compiler bug, and do 
we need to workaround this?


Bye, Oli

On 9/1/2011 11:45 AM, Marc-Oliver Straub wrote:

Build failed in autodoc module:
Entering /tmp/apache_oo/ooo/main/autodoc/source/display/html

Making:all_display_html.dpobj
Compiling: autodoc/source/display/html/aryattrs.cxx
Compiling: autodoc/source/display/html/cfrstd.cxx
Compiling: autodoc/source/display/html/chd_udk2.cxx
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:413: 
error: '__true_type' has not been declared
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:419: 
error: '__false_type' has not been declared
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:537: 
error: '__true_type' has not been declared
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:544: 
error: '__false_type' has not been declared
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:775: 
error: '__false_type' has not been declared
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist: 
In instantiation of '__gnu_cxx::slistcsi::xml::Element*, 
std::allocatorcsi::xml::Element* ':
../../../source/inc/estack.hxx:43:   instantiated from 
'EStackcsi::xml::Element*'
/tmp/apache_oo/ooo/main/autodoc/source/display/html/easywri.hxx:64:   
instantiated from here
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:419: 
error: 'templateclass _InputIterator void 
__gnu_cxx::slist::_M_assign_dispatch(_InputIterator, _InputIterator, 
int) [with _InputIterator = _InputIterator, _Tp = csi::xml::Element*, 
_Alloc = std::allocatorcsi::xml::Element*]' cannot be overloaded
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:413: 
error: with 'templateclass _Integer void 
__gnu_cxx::slist::_M_assign_dispatch(_Integer, _Integer, int) [with 
_Integer = _Integer, _Tp = csi::xml::Element*, _Alloc = 
std::allocatorcsi::xml::Element*]'
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:544: 
error: 'templateclass _InIterator void 
__gnu_cxx::slist::_M_insert_after_range(__gnu_cxx::_Slist_node_base*, 
_InIterator, _InIterator, int) [with _InIterator = _InIterator, _Tp = 
csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]' 
cannot be overloaded
/usr/lib/gcc/x86_64-redhat-linux/4.1.2/../../../../include/c++/4.1.2/ext/slist:537: 
error: with 'templateclass _Integer void 
__gnu_cxx::slist::_M_insert_after_range(__gnu_cxx::_Slist_node_base*, 
_Integer, _Integer, int) [with _Integer = _Integer, _Tp = 
csi::xml::Element*, _Alloc = std::allocatorcsi::xml::Element*]'
dmake:  Error code 1, while making 
'../../../unxlngx6.pro/obj/chd_udk2.obj'



On 9/1/2011 10:33 AM, Marc-Oliver Straub wrote:

RedHat Enterprise Linux 5.6 64-bit, gcc 4.1.2

./configure --disable-mozilla --without-junit
...
checking whether to enable RandR support... checking for XRANDR... no
checking X11/extensions/Xrandr.h usability... no
checking X11/extensions/Xrandr.h presence... yes
configure: WARNING: X11/extensions/Xrandr.h: present but cannot be 
compiled
configure: WARNING: X11/extensions/Xrandr.h: check for missing 
prerequisite headers?
configure: WARNING: X11/extensions/Xrandr.h: see the Autoconf 
documentation
configure: WARNING: X11/extensions/Xrandr.h: section Present 
But Cannot Be Compiled
configure: WARNING: X11/extensions/Xrandr.h: proceeding with the 
compiler's result

checking for X11/extensions/Xrandr.h... no
configure: error: X11/extensions/Xrandr.h could not be found. X11 
dev missing?


Adding --disable-randr to the configure flags succeeds.
However, I see the following error in the

Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]

JIRA issue entered:

https://issues.apache.org/jira/browse/INFRA-3905

-Rob

On Tue, Aug 30, 2011 at 5:34 PM, Dennis E. Hamilton orc...@apache.org wrote:
 Hey, over here (waving arm in the air)!

 Yes, I will moderate ooo-users.

 Do you need a minimum of three?

 It would also be good to have one additional so we can handle the occasional 
 CJK and Eastern European message that comes in, maybe others too, depending 
 on what committers we have.  (At least to help us tell the difference between 
 spam and user inquiries.)

  - Dennis

 -Original Message-
 From: Shane Curcuru [mailto:a...@shanecurcuru.org]
 Sent: Tuesday, August 30, 2011 08:11
 To: ooo-dev@incubator.apache.org
 Subject: Re: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]

 [ ... ]

 Personally, if there were some committers who would volunteer to
 moderate, I'd just create an ooo-user@ mailing list now.  Almost all
 projects already have a user list, so it'd be worth creating one if for
 only to give interested users a place to start asking questions about
 the future plans of the podling.

 It also seems clear that with the OOo history and end-user base that
 some of the existing forums (whatever kind) will need to be continued.
 That's up to the project to figure out how to do and maintain.  The only
 bigger ASF issue is ensuring that any new content added to forums that
 the ASF hosts is compatible with AL wherever possible.

 - Shane

Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]

2011-09-01 Thread Eike Rathke

Hi Dennis,

On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote:

 Oh, so it wasn't actually an MS Office file, but a spoof with a .doc filename?

I only vaguely remember, but I think it was that way.

 That would definitely be hard to catch.  I'm not sure what would cause
 it to execute though.

Name it .doc and set the content type to text/html
Anyway, I'm not sure about .doc anymore, the same of course works with
.html and probably any other extension.

 Was there a condition under which the exploit
 could be made to be run while pretended to be a .doc file?

The trigger is the content type.

  Eike

-- 
 PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
 Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD


signature.asc
Description: Digital signature

Incubator PMC/Board report for September 2011 (ooo-dev@incubator.apache.org)

2011-09-01 Thread no-reply

Dear OpenOffice.org Developers,

This email was sent by an automated system on behalf of the Apache Incubator 
PMC.
It is an initial reminder to give you plenty of time to prepare your quarterly
board report.

The board meeting is scheduled for  Wed, 21 September 2011, 10 am Pacific. The 
report 
for your podling will form a part of the Incubator PMC report. The Incubator 
PMC 
requires your report to be submitted one week before the board meeting, to 
allow 
sufficient time for review.

Please submit your report with sufficient time to allow the incubator PMC, and 
subsequently board members to review and digest. Again, the very latest you 
should submit your report is one week prior to the board meeting.

Thanks,

The Apache Incubator PMC

Submitting your Report
--

Your report should contain the following:

 * Your project name
 * A brief description of your project, which assumes no knowledge of the 
project
   or necessarily of its field
 * A list of the three most important issues to address in the move towards 
   graduation.
 * Any issues that the Incubator PMC or ASF Board might wish/need to be aware of
 * How has the community developed since the last report
 * How has the project developed since the last report.
 
This should be appended to the Incubator Wiki page at:

  http://wiki.apache.org/incubator/September2011

Note: This manually populated. You may need to wait a little before this page is
  created from a template.

Mentors
---
Mentors should review reports for their project(s) and sign them off on the 
Incubator wiki page. Signing off reports shows that you are following the 
project - projects that are not signed may raise alarms for the Incubator PMC.

Incubator PMC

RE: Request dev help: Info for required crypto export declaration

2011-09-01 Thread Pedro F. Giffuni

While here,

Can Apache projects rely on Mozilla's nss (MPL)?

I looked for alternatives but I only found the java based
Bouncy Castle:

http://www.bouncycastle.org/

cheers,

Pedro.

--- On Thu, 9/1/11, Dennis E. Hamilton dennis.hamil...@acm.org wrote:

 From: Dennis E. Hamilton dennis.hamil...@acm.org
 Subject: RE: Request dev help: Info for required crypto export declaration
 To: ooo-dev@incubator.apache.org
 Date: Thursday, September 1, 2011, 12:00 AM
 It is simplified and it isn't. 
 But we are doing it out of order.
 
 Here is the page that I couldn't remember the location of:
 
 http://www.apache.org/dev/crypto.html
 
  - Dennis
 
 -Original Message-
 From: rabas...@gmail.com
 [mailto:rabas...@gmail.com]
 On Behalf Of Rob Weir
 Sent: Wednesday, August 31, 2011 09:31
 To: ooo-dev@incubator.apache.org
 Subject: Re: Request dev help: Info for required crypto
 export declaration
 
 On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org
 wrote:
  I thought there was a short-circuit/umbrella process
 that doesn't require all of these details.  I thought
 that came up on an old thread, either on the PPMC or in the
 early days of this list.
 
  We do need to collect and update the details, but I am
 not so sure we need to file a full-up declaration. 
 There is apparently a simplified procedure and we should
 look for it. (I am not where I can do that right now.)
 
 
 Uh... but we need to know the details to know whether we
 can use the
 simplified procedure.
 
 -Rob
 
 
  -Original Message-
  From: Mathias Bauer [mailto:mathias_ba...@gmx.net]
  Sent: Wednesday, August 31, 2011 07:00
  To: ooo-dev@incubator.apache.org
  Subject: Re: Request dev help: Info for required
 crypto export declaration
 
  Moin,
 
  please take my answers with a decent grain of salt,
 I'm not an expert
  for that area, Matthias Hütsch and Malte Timmermann
 certainly could
  answer that better, but I don't know if they are
 currently contributing
  to this list. Hopefully my remarks can help to look at
 the right places.
 
  Am 31.08.2011 15:03, schrieb Rob Weir:
 
  There is some paperwork we need to file based on
 OOo use of
  cryptography.  Details are on the Apache
 website [1].  I think I can
  handle most of the paperwork, provided I can get
 some help, on this
  thread, establishing the basic facts.
 
 
  1) Was something similar every done for
 OpenOffice.org?  Most software
  companies are aware of this US export regulation
 and do this
  declaration as a matter of routine.  But not
 all open source projects
  are as diligent as ASF is.  So it is possible
 that OOo never did this
  before.  But if they did, we could reuse much
 of their paperwork.
 
  AFAIR Sun did that some time ago, but I'm not 100%
 sure.
 
  2) We need a list of all uses of cryptographic
 methods in OOo,
  including code that we include, but also where we
 enable 3rd party or
  OS crypto modules to plugged in.  This
 includes both symmetrical
  algorithms (commonly used for encryption) as well
 as asymmetrical
  algorithms (for example, public key uses like PGP,
 RSA, TLS, etc.)
 
  3) For each method, it looks like we need to state
 whether we authored
  the crypto, or name the origin of the code if it
 is a 3rd party.
 
  The methods I suspect are in OOo are:
 
  a) For password-protected ODF documents, we use
 the Blowfish block
  encryption method.   Where did that
 code come from?
 
  It was an own implementation from someone who was
 employed by Sun at
  that time.
 
  In the new 3.4 code we also use AES code from the
 openssl library.
 
  b) What do we support for other document formats,
 such as DOC, OOXML
  or legacy StarOffice formats?  Any other
 encryption methods?  If so,
  what are they are what was their origin?
 
  As none of the former Oracle employed MS filter
 developers is listening
  here, maybe we could ask Kohei or Caolan from the
 Libre Office crew.
 
  c) We support digital signatures with ODF files as
 well.  What
  algorithms are supported?  Is this our
 original code or 3rd party?
 
  The code we use is based on the SeaMonkey or nss
 module. I always get
  confused about them, but in any way the code is
 external.
 
  d)  Do we support digital signatures with any
 other file formats?
 
  No, only our own files format.
 
  e) Any other uses of encryption?
 
  f) Presumably we places that are at least enabled
 for SSL via OS-level
  resolution of https protocol
 URLs.   Is this correct?
 
  g) But do we have any SSL (TLS) code included in
 our source code?  If
  so, what is the origin of this?
 
  Open ssl, maybe something in neon, I don't know.
 
  Regards,
  Mathias

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 11:41 AM, Pedro F. Giffuni giffu...@tutopia.com wrote:
 While here,

 Can Apache projects rely on Mozilla's nss (MPL)?


See this page on current view from Apache legal:

http://www.apache.org/legal/resolved.html#category-b


 I looked for alternatives but I only found the java based
 Bouncy Castle:

 http://www.bouncycastle.org/

 cheers,

 Pedro.

 --- On Thu, 9/1/11, Dennis E. Hamilton dennis.hamil...@acm.org wrote:

 From: Dennis E. Hamilton dennis.hamil...@acm.org
 Subject: RE: Request dev help: Info for required crypto export declaration
 To: ooo-dev@incubator.apache.org
 Date: Thursday, September 1, 2011, 12:00 AM
 It is simplified and it isn't.
 But we are doing it out of order.

 Here is the page that I couldn't remember the location of:

 http://www.apache.org/dev/crypto.html

  - Dennis

 -Original Message-
 From: rabas...@gmail.com
 [mailto:rabas...@gmail.com]
 On Behalf Of Rob Weir
 Sent: Wednesday, August 31, 2011 09:31
 To: ooo-dev@incubator.apache.org
 Subject: Re: Request dev help: Info for required crypto
 export declaration

 On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org
 wrote:
  I thought there was a short-circuit/umbrella process
 that doesn't require all of these details.  I thought
 that came up on an old thread, either on the PPMC or in the
 early days of this list.
 
  We do need to collect and update the details, but I am
 not so sure we need to file a full-up declaration.
 There is apparently a simplified procedure and we should
 look for it. (I am not where I can do that right now.)
 

 Uh... but we need to know the details to know whether we
 can use the
 simplified procedure.

 -Rob


  -Original Message-
  From: Mathias Bauer [mailto:mathias_ba...@gmx.net]
  Sent: Wednesday, August 31, 2011 07:00
  To: ooo-dev@incubator.apache.org
  Subject: Re: Request dev help: Info for required
 crypto export declaration
 
  Moin,
 
  please take my answers with a decent grain of salt,
 I'm not an expert
  for that area, Matthias Hütsch and Malte Timmermann
 certainly could
  answer that better, but I don't know if they are
 currently contributing
  to this list. Hopefully my remarks can help to look at
 the right places.
 
  Am 31.08.2011 15:03, schrieb Rob Weir:
 
  There is some paperwork we need to file based on
 OOo use of
  cryptography.  Details are on the Apache
 website [1].  I think I can
  handle most of the paperwork, provided I can get
 some help, on this
  thread, establishing the basic facts.
 
 
  1) Was something similar every done for
 OpenOffice.org?  Most software
  companies are aware of this US export regulation
 and do this
  declaration as a matter of routine.  But not
 all open source projects
  are as diligent as ASF is.  So it is possible
 that OOo never did this
  before.  But if they did, we could reuse much
 of their paperwork.
 
  AFAIR Sun did that some time ago, but I'm not 100%
 sure.
 
  2) We need a list of all uses of cryptographic
 methods in OOo,
  including code that we include, but also where we
 enable 3rd party or
  OS crypto modules to plugged in.  This
 includes both symmetrical
  algorithms (commonly used for encryption) as well
 as asymmetrical
  algorithms (for example, public key uses like PGP,
 RSA, TLS, etc.)
 
  3) For each method, it looks like we need to state
 whether we authored
  the crypto, or name the origin of the code if it
 is a 3rd party.
 
  The methods I suspect are in OOo are:
 
  a) For password-protected ODF documents, we use
 the Blowfish block
  encryption method.   Where did that
 code come from?
 
  It was an own implementation from someone who was
 employed by Sun at
  that time.
 
  In the new 3.4 code we also use AES code from the
 openssl library.
 
  b) What do we support for other document formats,
 such as DOC, OOXML
  or legacy StarOffice formats?  Any other
 encryption methods?  If so,
  what are they are what was their origin?
 
  As none of the former Oracle employed MS filter
 developers is listening
  here, maybe we could ask Kohei or Caolan from the
 Libre Office crew.
 
  c) We support digital signatures with ODF files as
 well.  What
  algorithms are supported?  Is this our
 original code or 3rd party?
 
  The code we use is based on the SeaMonkey or nss
 module. I always get
  confused about them, but in any way the code is
 external.
 
  d)  Do we support digital signatures with any
 other file formats?
 
  No, only our own files format.
 
  e) Any other uses of encryption?
 
  f) Presumably we places that are at least enabled
 for SSL via OS-level
  resolution of https protocol
 URLs.   Is this correct?
 
  g) But do we have any SSL (TLS) code included in
 our source code?  If
  so, what is the origin of this?
 
  Open ssl, maybe something in neon, I don't know.
 
  Regards,
  Mathias

Re: Request dev help: Info for required crypto export declaration

2011-09-01 Thread Danese Cooper

On Wed, Aug 31, 2011 at 9:30 AM, Rob Weir r...@robweir.com wrote:

 On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:



 snip



  1) Was something similar every done for OpenOffice.org?  Most software
  companies are aware of this US export regulation and do this
  declaration as a matter of routine.  But not all open source projects
  are as diligent as ASF is.  So it is possible that OOo never did this
  before.  But if they did, we could reuse much of their paperwork.
 
  AFAIR Sun did that some time ago, but I'm not 100% sure.


Yes, Sun did this (probably for every official release).

Danese

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 11:51 AM, Danese Cooper dan...@gmail.com wrote:
 On Wed, Aug 31, 2011 at 9:30 AM, Rob Weir r...@robweir.com wrote:

 On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:



 snip



  1) Was something similar every done for OpenOffice.org?  Most software
  companies are aware of this US export regulation and do this
  declaration as a matter of routine.  But not all open source projects
  are as diligent as ASF is.  So it is possible that OOo never did this
  before.  But if they did, we could reuse much of their paperwork.
 
  AFAIR Sun did that some time ago, but I'm not 100% sure.


 Yes, Sun did this (probably for every official release).


If so, this might have been kept on the corporate side, not on the
community website.

For example, searching Google for site:openoffice.org ECCN shows
several requests for this information [1] [2] [3] over the years, but
no useful responses.

Looks like LO discussed it briefly [4], but dismissed it under the
misapprehension that since they are not in the US, the regulation is
irrelevant.   We'll obviously want to do better here.  It may not make
a much of a difference to the individual downloaded of AOOo, but this
paperwork is essential for anyone who might want to bundle AOOo with
laptops, for example.  The location of the project is not the solitary
relevant fact.  The location of the users and re-distributors is the
key thing.

[1] http://openoffice.org/projects/www/lists/users/archive/2004-12/message/24

[2] 
http://openoffice.org/projects/marketing/lists/dev/archive/2005-11/message/204

[3] http://openoffice.org/projects/www/lists/users/archive/2009-12/message/653

[4] http://comments.gmane.org/gmane.comp.documentfoundation.discuss/6138

I'll check what we did for IBM Lotus Symphony.

-Rob


 Danese

Re: Apache project community and external community

2011-09-01 Thread Ian Lynch

On 31 August 2011 23:16, Ross Gardler rgard...@opendirective.com wrote:

 On 31 August 2011 17:06, Dennis E. Hamilton dennis.hamil...@acm.org
 wrote:
  That makes no sense.

 I don't agree. There are other copies of the code out there managed
 under different licenses and different approaches. Those who choose to
 be here do so under their own free will.

 But surely the time for this particular discussion has passed,
 regardless of whether my version of the truth is the same as anyone
 elses. I'm not trying to oversimplify, I'm trying to be realistic.


Pragmatism has a lot going for it IMHO :-). I run a company which was
inspired by aspects of open source communities but I'm a Committer here and
I am also quite willing to do what I can for LibreO or indeed any other FOSS
community. Different organisational constraints but hey, if you think that's
bad, try working within some of the UK government regulatory frameworks ;-).
 I have been a member of the OOo community for probably 10 years or so and I
have had some disagreements with various people along the way. Even so, I
don't see why any of that should get in the way. My view is how do we make
FOSS more effective?  Partly as a Committer here within the rules associated
with that, partly through my business with the rules and constraints that
has and partly with LibreO, why worry? If you can do what you want within
the rules just do it. If you can't, do those things somewhere else where its
ok. Main issue is learning what is and isn't allowable and I guess that is
at least in part why there is an incubation period to give us all time to
learn.

-- 
Ian

Ofqual Accredited IT Qualifications (The Schools ITQ)

www.theINGOTs.org +44 (0)1827 305940

The Learning Machine Limited, Reg Office, 36 Ashby Road, Tamworth,
Staffordshire, B79 8AQ. Reg No: 05560797, Registered in England and
Wales.

Re: Fwd: openoffice.org not responding

2011-09-01 Thread Andrew Rist




On 8/31/2011 10:43 PM, Jürgen Schmidt wrote:

On Wed, Aug 31, 2011 at 9:02 PM, Kay Schenkkay.sch...@gmail.com  wrote:


Hi Andrew--


On 08/31/2011 10:17 AM, Andrew Rist wrote:


This is not related to the DNS transfer. That process has not yet begun,
and appropriate warning will be given when it is.


  That transfer should painless when it occurs, as it will only involve

changing the owner of the DNS entries, not the content of them.

(looks like OOo  kenai are back. I have not determined what the issue
was, but it was not related to transfer of OOo or any decommissioning of
the servers)


well good news, but panic nonetheless. Maybe a wake-up call to get stuff
moved (somewhere) as quickly as possible. Definitely a priority with me at
the moment! :/



i still can't reach www.openoffice.org, api.openoffice.org or
hg.services.openoffice.org, ...

Juergen
All three are up for me.  I am guessing that the refresh on the DNS may 
have contributed to the problem.

Andrew





Andrew

On 8/31/2011 5:05 AM, Dave Fisher wrote:


Hi Andrew,

It looks like openoffice.org is still down, odftoolkit.org is also down.

It looks like all of Kenai is down.

Is the dns transfer in flux, or wrong? Is there a wrong action on
INFRA-3898?

Please advise.

Thanks,
Dave

Begin forwarded message:

  From: Simon Brouwersimon.o...@xs4all.nl

Date: August 30, 2011 11:06:46 AM PDT
To:ooo-dev@incubator.apache.**orgto%3aooo-...@incubator.apache.org
Cc: Kay Schenkkay.sch...@gmail.com
Subject: Re: openoffice.org not responding
Reply-To:ooo-dev@incubator.**apache.orgreply-to%3aooo-...@incubator.apache.org
Reply-To:simon.o...@xs4all.nl

Hi Kay,

nl.openoffice.org is up, but server response is really slow. I wanted
to manage mailinglists since yesterday but had to give up getting timeout
after timeout.

Best regards
Simon

Op 30-8-2011 20:01, Kay Schenk schreef:


Re Eike's post of about an hour ago.

Does anyone know what's going on with openoffice.org
orwww.openoffice.org.


kenai.org is up but not openoffice.org.



--
Vriendelijke groet,
Simon Brouwer.

|http://nl.openoffice.org  |http://www.opentaal.org  |



--


Oracle Email Signature Logo
Andrew Rist | Interoperability Architect
Oracle Corporate Architecture Group
Redwood Shores, CA | 650.506.9847


--
--**--**

MzK

Music expresses that which cannot be said and
  on which it is impossible to be silent.
-- Victor Hugo



--


Oracle Email Signature Logo
Andrew Rist | Interoperability Architect
Oracle Corporate Architecture Group
Redwood Shores, CA | 650.506.9847

An invitation to committers to the OOo Community Forums

Anyone is able to join the OOo Community forums, but we also have a 
number of closed forums use for internal management of the site.  If any 
committers would like to have access to these, then just make sure that 
they've got an active account on the current production service (not 
ooo-forums.apache.org) and email me me from it requesting access.  I 
will then raise you to volunteer so that you can see the main closed 
forums.


Please note:  the forum rules apply to all and all volunteers are 
expected to follow them -- including me or any other committer.


Regards
Terry

Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellison te...@ellisons.org.uk wrote:
 Anyone is able to join the OOo Community forums, but we also have a number
 of closed forums use for internal management of the site.  If any committers
 would like to have access to these, then just make sure that they've got an
 active account on the current production service (not ooo-forums.apache.org)
 and email me me from it requesting access.  I will then raise you to
 volunteer so that you can see the main closed forums.


-1

I propose that we eliminate any such internal management forums.
Having these goes against the transparency that we should be
expressing in all of our work as an Apache project.

If something truly does require confidential treatment then it could
be brought to the ooo-private list, where committers already have
access. And equally important, ooo-private is readable by our podling
mentors and by Apache Members, to ensure we do not abuse the use of
such private lists.

If something requires special treatment because it relates to site
security, then that belongs with Apache Infra.

If we're merely discussing internal management of the site on these
closed forums, this may be boring to most site visitors, but that is
not a sufficient reason to conduct this work in private.

-Rob


 Please note:  the forum rules apply to all and all volunteers are expected
 to follow them -- including me or any other committer.

 Regards
 Terry

RE: [patch] add rpm in the archive names

An alternative for patches that one is hesitant/unable to commit is to submit 
them with an issue on the now-live issue tracker at 
http://issues.apache.org/ooo/

We should be using this bug tracker heavily now.  It is the best way to place 
material where it will be seen and reviewed without being buried in the ooo-dev 
list.

-Original Message-
From: eric b [mailto:eric.bach...@free.fr] 
Sent: Wednesday, August 31, 2011 23:22
To: ooo-dev@incubator.apache.org
Subject: [patch] add rpm in the archive names

Hi,

Under Linux, when we create .deb files, the download archive name  
contains _deb, avoiding confusion.  It was not the case for .rpm  
rchive type, and lot of people download .rpm and discover later they  
need .deb.

Since I don't know whether we can commit or not, I prefered provide a  
patch who fixes the problem.
You'll find it at : http://ftp.educoo.org/home/ericb/patches/ 
apache_ooo/add_rpm_in_the_name_aooo.diff

It is provided under Apache License, of course.


Regards,
Eric

-- 
qɔᴉɹə
Education Project:
http://wiki.services.openoffice.org/wiki/Education_Project
Projet OOo4Kids : http://wiki.ooo4kids.org/index.php/Main_Page
L'association EducOOo : http://www.educoo.org
Blog : http://eric.bachard.org/news

Re: draft blog post on the Linux build education event

2011-09-01 Thread Manfred A. Reiter

2011/9/1 Rob Weir robw...@apache.org:
 https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education


how can I login?

thanks in advance

M.

Re: draft blog post on the Linux build education event

http://www.apache.org/dev/blogs.html describes the
(public) preview url for blog articles.

From: Rob Weir robw...@apache.org
To: ooo-dev@incubator.apache.org
Sent: Thursday, September 1, 2011 1:44 PM
Subject: Re: draft blog post on the Linux build education event

On Thu, Sep 1, 2011 at 1:37 PM, Manfred A. Reiter ma.rei...@gmail.com wrote:
 2011/9/1 Rob Weir robw...@apache.org:
 https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education

 how can I login?

Oh... I was hoping you could all see that.  Darn.  There was a call
for logins for authors and editors for the blog a while ago [1].
Gavin gave people permission.

[1] http://markmail.org/message/ez25wgbpf4z47f5g

In any case, here is the text. You're missing the picture and the
hyperlinks, but you can get the idea:

==Developer Education==

It is September.  Time for cooler weather and time to go back to
school.  The Apache OpenOffice.org podling is ready for the season
with events to help developers learn more about OpenOffice.org.

Do you want to learn how to build Apache OpenOffice.org on Linux?  Do
you want to take the first steps towards becoming an OpenOffice
hacker?  Do you want to help test, review and improve our build
instructions, on any one of a variety of Linux distros?  If so, you
will not want to miss this event.

Next week, from Wed September 7th through Saturday September 10th we
will be making a concerted effort to enable everyone who wants to be
able to build OpenOffice. This will be the first of a series of
Developer Education topics we hope to deliver.  Others may include how
to build on Windows and Mac, and how to work on particular OpenOffice
features.

This will be a virtual event, with collaboration on the ooo-dev
mailing list and on IRC.  Members of the OpenOffice.org podling will
be on hand to help anyone who wishes to get started with OpenOffice
development on Linux.

==How to Get Involved==

There are a few things you should do to prepare for this event:

    1) Find a Linux machine, at least 1GB RAM and 75 GB free disk space

    2) Run any updates needed to make your distro current

    3) Download the latest source code for OpenOffice.org via Subversion.

    4) Before Wednesday, sign up for the ooo-dev@incubator.apache.org
mailing list.

    5) Bookmark the OpenOffice.org Building Guide.  This is the
documentation we'll be following, and correcting.

    6) Starting on Wednesday, follow the discussions on the ooo-dev
mailing list.  We'll use a subject tag of [LINUX-BUILD] for threads
related to this event.

    7) Also starting on Wednesday, join us on IRC: irc.freenode.net
on channel #dev.openoffice.org

 thanks in advance

 M.

Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 1:56 PM, Terry Ellison te...@ellisons.org.uk wrote:
 Rob,

 This was a polite invitation to committers if they wanted to see how the
 forums operate.  I will take your -1 to mean that you don't want to take me
 up on the offer.


Let me be clearer then.  The -1 is to your proposal to invite
committers and assign them permissions to a private forum.  This is
not a technical objection, but a policy objection.  Please do not take
further steps on this until we can get a Mentor to weigh in on.

Thanks,

-Rob

 Your reply is a valid topic but entirely off *this* topic.  Unfortunately
 since this is a DL and not a forum, I can't move this to new topic which
 relates to your point.  However, if you care to make this on another thread
 on the topic you discuss, then I will reply there.

 Can we try to maintain some thread discipline, please?

 Regards
 Terry

 On 01/09/11 17:59, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellisonte...@ellisons.org.uk
  wrote:

 Anyone is able to join the OOo Community forums, but we also have a
 number
 of closed forums use for internal management of the site.  If any
 committers
 would like to have access to these, then just make sure that they've got
 an
 active account on the current production service (not
 ooo-forums.apache.org)
 and email me me from it requesting access.  I will then raise you to
 volunteer so that you can see the main closed forums.

 -1

 I propose that we eliminate any such internal management forums...snip

Re: ooo-users list now available

2011-09-01 Thread Pedro Giffuni


Hi Rob,

Perhaps you should use the new list for the education event?
Given that we haven't made any release yet I think this would
also serve to feed the user archive with the build instructions.

Just a thought, if this is more of a developer event and/or
you also plan a walkthrough the code then I guess it's OK
to keep it in -dev.

Cheers,

Pedro.

On Thu, 1 Sep 2011 13:51:18 -0400, Rob Weir robw...@apache.org wrote:
Let joy be unconfined. Let there be dancing in the streets.  And 
thanks, Joe.


Moderators are automatically subscribed, I think.  Others can join
with an email to ooo-users-subscribe.incubator.apache.org

Follow up items, which I'd welcome help with:

1) Once the archives are created, which can take a day, we should
update our lists of lists [1] [2]

2) The existing OOo users list should be notified about this new 
list,

with instructions on how to subscribe

3) Maybe shut down the OOo users list?  Or at least update the 
website

to steer users here.

4) There was talk of a customized post footer with unsubscribe and
basic support  FAQ info, to reduce the incident of list rookie
problems.

[1] http://incubator.apache.org/openofficeorg/mailing-lists.html
[2] http://incubator.apache.org/projects/openofficeorg.html

RE: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]

I think you are right.  I already have a list where orc...@apache.org is a 
moderator, so I will see if I can access the moderator features there.

 - Dennis

-Original Message-
From: Eike Rathke [mailto:o...@erack.de] 
Sent: Thursday, September 01, 2011 08:11
To: ooo-dev@incubator.apache.org
Subject: Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] 
d...@openoffice.org]

Hi Dennis,

On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote:

 Hmm, for (2) I think you have to use orc...@msn.com for me, then.
 Most of my e-mail addresses (including orc...@apache.org) are not
 associated with an SMTP server, if I get your drift.

I think what counts is the envelope From, so if your ISP's SMTP allows
you to send with an arbitrary envelope From (which is fine if the user
is authenticated to the SMTP server anyway) you should be good.

  Eike

-- 
 PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
 Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD

RE: draft blog post on the Linux build education event

 1. The post looks fine.
 2. I had to use my author/editor login.

I also can't tell whether it is post-dated.  I think that is what puts them 
where they can be seen, but not sure.

 - Dennis

-Original Message-
From: Rob Weir [mailto:robw...@apache.org] 
Sent: Thursday, September 01, 2011 10:45
To: ooo-dev@incubator.apache.org
Subject: Re: draft blog post on the Linux build education event

On Thu, Sep 1, 2011 at 1:37 PM, Manfred A. Reiter ma.rei...@gmail.com wrote:
 2011/9/1 Rob Weir robw...@apache.org:
 https://blogs.apache.org/roller-ui/authoring/preview/OOo/?previewEntry=apache_openoffice_org_developer_education


 how can I login?


Oh... I was hoping you could all see that.  Darn.  There was a call
for logins for authors and editors for the blog a while ago [1].
Gavin gave people permission.

[1] http://markmail.org/message/ez25wgbpf4z47f5g


In any case, here is the text. You're missing the picture and the
hyperlinks, but you can get the idea:




==Developer Education==

It is September.  Time for cooler weather and time to go back to
school.  The Apache OpenOffice.org podling is ready for the season
with events to help developers learn more about OpenOffice.org.

Do you want to learn how to build Apache OpenOffice.org on Linux?  Do
you want to take the first steps towards becoming an OpenOffice
hacker?  Do you want to help test, review and improve our build
instructions, on any one of a variety of Linux distros?  If so, you
will not want to miss this event.

Next week, from Wed September 7th through Saturday September 10th we
will be making a concerted effort to enable everyone who wants to be
able to build OpenOffice. This will be the first of a series of
Developer Education topics we hope to deliver.  Others may include how
to build on Windows and Mac, and how to work on particular OpenOffice
features.

This will be a virtual event, with collaboration on the ooo-dev
mailing list and on IRC.  Members of the OpenOffice.org podling will
be on hand to help anyone who wishes to get started with OpenOffice
development on Linux.

==How to Get Involved==

There are a few things you should do to prepare for this event:

1) Find a Linux machine, at least 1GB RAM and 75 GB free disk space

2) Run any updates needed to make your distro current

3) Download the latest source code for OpenOffice.org via Subversion.

4) Before Wednesday, sign up for the ooo-dev@incubator.apache.org
mailing list.

5) Bookmark the OpenOffice.org Building Guide.  This is the
documentation we'll be following, and correcting.

6) Starting on Wednesday, follow the discussions on the ooo-dev
mailing list.  We'll use a subject tag of [LINUX-BUILD] for threads
related to this event.

7) Also starting on Wednesday, join us on IRC: irc.freenode.net
on channel #dev.openoffice.org




 thanks in advance

 M.

Re: draft blog post on the Linux build education event

On Thu, 2011-09-01 at 14:27 -0400, Rob Weir wrote:
 On Thu, Sep 1, 2011 at 1:50 PM, Joe Schaefer joe_schae...@yahoo.com wrote:
 
 
  http://www.apache.org/dev/blogs.html describes the
  (public) preview url for blog articles.
 
 
 
 Thanks for the hint, Joe.
 
 If I understood it correctly, this version should be viewable.  It
 works for me, but you never know when persistent cookies are playing
 tricks with you.
 
 http://blogs.apache.org/preview/OOo/?previewEntry=apache_openoffice_org_developer_education

That worked - thanks

Looks pretty good to me - I saw a comment about pointing folks to the
user mailing list vs the dev mailing list - I think for this I would
stick with the dev list.

//drew

Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]

2011-09-01 Thread Daniel Shahaf

orcmid@a.o has access to SMTP at smtps://people.apachea.org:465/

Moderators can approve emails from any address, but access to the -log,
-list, and the moderator's version of -help only works from the address
listed as moderator.

Only infra can change the moderator addresses on a list.


Dennis E. Hamilton wrote on Thu, Sep 01, 2011 at 11:38:59 -0700:
 I think you are right.  I already have a list where orc...@apache.org is a 
 moderator, so I will see if I can access the moderator features there.
 
  - Dennis
 
 -Original Message-
 From: Eike Rathke [mailto:o...@erack.de] 
 Sent: Thursday, September 01, 2011 08:11
 To: ooo-dev@incubator.apache.org
 Subject: Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] 
 d...@openoffice.org]
 
 Hi Dennis,
 
 On Wednesday, 2011-08-31 18:29:02 -0700, Dennis E. Hamilton wrote:
 
  Hmm, for (2) I think you have to use orc...@msn.com for me, then.
  Most of my e-mail addresses (including orc...@apache.org) are not
  associated with an SMTP server, if I get your drift.
 
 I think what counts is the envelope From, so if your ISP's SMTP allows
 you to send with an arbitrary envelope From (which is fine if the user
 is authenticated to the SMTP server anyway) you should be good.
 
   Eike
 
 -- 
  PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
  Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 Please just do it this way:

 http://www.apache.org/dev/crypto.html

 ASF is very clear on what is required for *its* releases and this page 
 appears to be comprehensive.

The Apache rules break down into reporting to users and notification.
Informing users is important but notification is urgent (making source
available [1] counts as export).

 (I finally found where I saw this before.  It has also been discussed here or 
 on the ooo-private list before.  I remembered it as being simpler than it is.)

(It looks worse than it is)

Following the instructions[3], step 1 is to work out whether OOo has
any unusual cryptography beyond ECCN 5D002, which is:

blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
production or use of any of the other software of this list, or
software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
algorithm is based on: factorization of integers in excess of 512 bits
(e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
/blockquote

Does OOo rely on cryptography more exotic than this?

Robert

[1] http://www.apache.org/dev/crypto.html#overview
[2] http://www.apache.org/licenses/exports/
[3] http://www.apache.org/dev/crypto.html#classify

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 2:38 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 Please just do it this way:

 http://www.apache.org/dev/crypto.html


That's what I've been looking at from the start.  I don't just make
these things up in my sleep.

 ASF is very clear on what is required for *its* releases and this page 
 appears to be comprehensive.


Yes, and for the very first step, we need to classify per an ECCN
code.  To do that we need to understand the cryptographic support the
code provides.

I think we should try to understand this in detail, even if it just
boils down ultimately to a code for this regulation.  These details
are also relevant to procurement regulations for the Federal
government, and other governments as well.  So it will be good have a
comprehensive list of what algorithms we are using in general.

-Rob

 (I finally found where I saw this before.  It has also been discussed here or 
 on the ooo-private list before.  I remembered it as being simpler than it is.)

  - Dennis


 -Original Message-
 From: rabas...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir
 Sent: Thursday, September 01, 2011 09:15
 To: ooo-dev@incubator.apache.org
 Subject: Re: Request dev help: Info for required crypto export declaration

 On Thu, Sep 1, 2011 at 11:51 AM, Danese Cooper dan...@gmail.com wrote:
 On Wed, Aug 31, 2011 at 9:30 AM, Rob Weir r...@robweir.com wrote:

 On Wed, Aug 31, 2011 at 12:29 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:



 snip



  1) Was something similar every done for OpenOffice.org?  Most software
  companies are aware of this US export regulation and do this
  declaration as a matter of routine.  But not all open source projects
  are as diligent as ASF is.  So it is possible that OOo never did this
  before.  But if they did, we could reuse much of their paperwork.
 
  AFAIR Sun did that some time ago, but I'm not 100% sure.


 Yes, Sun did this (probably for every official release).


 If so, this might have been kept on the corporate side, not on the
 community website.

 For example, searching Google for site:openoffice.org ECCN shows
 several requests for this information [1] [2] [3] over the years, but
 no useful responses.

 Looks like LO discussed it briefly [4], but dismissed it under the
 misapprehension that since they are not in the US, the regulation is
 irrelevant.   We'll obviously want to do better here.  It may not make
 a much of a difference to the individual downloaded of AOOo, but this
 paperwork is essential for anyone who might want to bundle AOOo with
 laptops, for example.  The location of the project is not the solitary
 relevant fact.  The location of the users and re-distributors is the
 key thing.

 [1] http://openoffice.org/projects/www/lists/users/archive/2004-12/message/24

 [2] 
 http://openoffice.org/projects/marketing/lists/dev/archive/2005-11/message/204

 [3] http://openoffice.org/projects/www/lists/users/archive/2009-12/message/653

 [4] http://comments.gmane.org/gmane.comp.documentfoundation.discuss/6138

 I'll check what we did for IBM Lotus Symphony.

 -Rob


 Danese

Re: An invitation to committers to the OOo Community Forums

OK, Rob, I now understand your point.  I will do as you request.  
However, it seems to me that by making this request you are creating an 
interesting catch-22:  I far as I can see there are two facets to this 
invitation.


   * *Sufficiency*.  These forums are closed because this gives the
 attendees freedom to discuss matters (such as individual poster
 behaviour) that shouldn't be discussed on a public forum.  We only
 invite trusted forum members to join these lists.  (That's is
 that they've demonstrated that they are responsible and have built
 up a body of karma with their forum contributions.)  I would
 have thought that being elected a committer could reasonably be
 deemed to be sufficient to show such trust.

   * *Necessity*.  You seem to want to discuss policy on the governance
 of the forums from within this DL or ooo-private.  I also recall
 some of your previous comments which indicate that these people
 (who have committed hundreds if not thousands of hours to
 supporting this service) do not merit committer status unless they
 have a wider engagement in the project, and they are therefore
 excluded from any ooo-private discussions.  Yet, it seems to me
 that it is entirely reasonable that anyone contributing to this
 discussion should at least have a working knowledge of how the
 forums operate in practice and currently govern themselves.  So I
 do think it necessary as well.

Hence in my view, this invitation makes eminent sense.  Is your counter 
proposal that only committers who are entirely ignorant of how the 
forums work should decided on their future governance and existence?  I 
feel that most Europeans would regard this as a typical American 
attitude to the rest of the world ;)


Regards
Terry

On 01/09/11 19:05, Rob Weir wrote:

On Thu, Sep 1, 2011 at 1:56 PM, Terry Ellisonte...@ellisons.org.uk  wrote:

Rob,

This was a polite invitation to committers if they wanted to see how the
forums operate.  I will take your -1 to mean that you don't want to take me
up on the offer.


Let me be clearer then.  The -1 is to your proposal to invite
committers and assign them permissions to a private forum.  This is
not a technical objection, but a policy objection.  Please do not take
further steps on this until we can get a Mentor to weigh in on.

Thanks,

-Rob


Your reply is a valid topic but entirely off *this* topic.  Unfortunately
since this is a DL and not a forum, I can't move this to new topic which
relates to your point.  However, if you care to make this on another thread
on the topic you discuss, then I will reply there.

Can we try to maintain some thread discipline, please?

Regards
Terry

On 01/09/11 17:59, Rob Weir wrote:

On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellisonte...@ellisons.org.uk
  wrote:

Anyone is able to join the OOo Community forums, but we also have a
number
of closed forums use for internal management of the site.  If any
committers
would like to have access to these, then just make sure that they've got
an
active account on the current production service (not
ooo-forums.apache.org)
and email me me from it requesting access.  I will then raise you to
volunteer so that you can see the main closed forums.


-1

I propose that we eliminate any such internal management forums...snip

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
robertburrelldon...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:
 Please just do it this way:

 http://www.apache.org/dev/crypto.html

 ASF is very clear on what is required for *its* releases and this page 
 appears to be comprehensive.

 The Apache rules break down into reporting to users and notification.
 Informing users is important but notification is urgent (making source
 available [1] counts as export).

 (I finally found where I saw this before.  It has also been discussed here 
 or on the ooo-private list before.  I remembered it as being simpler than it 
 is.)

 (It looks worse than it is)

 Following the instructions[3], step 1 is to work out whether OOo has
 any unusual cryptography beyond ECCN 5D002, which is:

 blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
 production or use of any of the other software of this list, or
 software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
 excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
 algorithm is based on: factorization of integers in excess of 512 bits
 (e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
 Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
 excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
 /blockquote

 Does OOo rely on cryptography more exotic than this?


That is where it seems backwards to me.  If I'm reading this
correctly, we are OK if we use a symmetrical algorithm with key length
greater than (in excess of) 56-bits.  But if we use an algorithm,
with less thanb 56-bits we're considered exotic?  Really?

For example, Calc has a ROT13() spreadsheet function, which
undoubtedly is a weak symmetrical encryption technique, certainly not
one with a key length in excess of 56-bits.

So what now?  In other words, I'm puzzled by the in excess part.
They seem to be saying that strong encryption is regulated less than
weak encryption.

Could you explain where I'm getting this wrong?

Thanks,

-Rob

 Robert

 [1] http://www.apache.org/dev/crypto.html#overview
 [2] http://www.apache.org/licenses/exports/
 [3] http://www.apache.org/dev/crypto.html#classify

Administrative controls / management of the mailing lists


Dennis,

As we've discussed previously there is almost a religious split 
between those that work on forums and those that work on MLs and DLs. 
Very few of those involved in the governance of the forums would have 
anything to do with DLs/MLs and v.v.


However, what you are really talking about is a configuration issue of 
the mail forwarder.  It's more an application issue if we get control of 
the application support.  I have exactly the same issues with my mail 
responder that is built into the forums.


Terry, do you know if those administrative controls extend to the 
management of the mailing lists, such as the ones for 
http://fr.openoffice.org (apparently at 
http://openoffice.org/projects/fr/lists).


Do you have any information on how we can empower someone to block a 
bad echo?


Every post to the more-heavily-populated lists there generates three 
notices from service-clie...@sc.sfr.fr. Then we need to find the 
subscribers whose e-mail addresses are landing at the responding site 
and disable those.


I also fear that there is nothing in our planned work to preserve 
these portions of the openoffice.org domain.


- Dennis

-Original Message-
From: Terry Ellison [mailto:te...@ellisons.org.uk]
Sent: Thursday, September 01, 2011 09:47
To: ooo-dev@incubator.apache.org
Subject: An invitation to committers to the OOo Community Forums

Anyone is able to join the OOo Community forums, but we also have a
number of closed forums use for internal management of the site. If any
committers would like to have access to these, then just make sure that
they've got an active account on the current production service (not
ooo-forums.apache.org) and email me me from it requesting access. I
will then raise you to volunteer so that you can see the main closed
forums.

Please note: the forum rules apply to all and all volunteers are
expected to follow them -- including me or any other committer.

Regards
Terry

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 8:00 PM, Rob Weir r...@robweir.com wrote:
 On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
 robertburrelldon...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:
 Please just do it this way:

 http://www.apache.org/dev/crypto.html

 ASF is very clear on what is required for *its* releases and this page 
 appears to be comprehensive.

 The Apache rules break down into reporting to users and notification.
 Informing users is important but notification is urgent (making source
 available [1] counts as export).

 (I finally found where I saw this before.  It has also been discussed here 
 or on the ooo-private list before.  I remembered it as being simpler than 
 it is.)

 (It looks worse than it is)

 Following the instructions[3], step 1 is to work out whether OOo has
 any unusual cryptography beyond ECCN 5D002, which is:

 blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
 production or use of any of the other software of this list, or
 software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
 excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
 algorithm is based on: factorization of integers in excess of 512 bits
 (e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
 Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
 excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
 /blockquote

 Does OOo rely on cryptography more exotic than this?


 That is where it seems backwards to me.  If I'm reading this
 correctly, we are OK if we use a symmetrical algorithm with key length
 greater than (in excess of) 56-bits.  But if we use an algorithm,
 with less thanb 56-bits we're considered exotic?  Really?

Remember that we're only interested in strong cryptography :-)

IIRC symmetric and asymmetric algorithms weaker than this are not
considered strong cryptography, and so don't fall under ECCN 5D002.
Cryptography which is neither weak nor covered by those definitions
needs special handling.

Robert

Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk wrote:
 OK, Rob, I now understand your point.  I will do as you request.  However,
 it seems to me that by making this request you are creating an interesting
 catch-22:  I far as I can see there are two facets to this invitation.

   * *Sufficiency*.  These forums are closed because this gives the
     attendees freedom to discuss matters (such as individual poster
     behaviour) that shouldn't be discussed on a public forum.  We only
     invite trusted forum members to join these lists.  (That's is
     that they've demonstrated that they are responsible and have built
     up a body of karma with their forum contributions.)  I would
     have thought that being elected a committer could reasonably be
     deemed to be sufficient to show such trust.

   * *Necessity*.  You seem to want to discuss policy on the governance
     of the forums from within this DL or ooo-private.  I also recall
     some of your previous comments which indicate that these people
     (who have committed hundreds if not thousands of hours to
     supporting this service) do not merit committer status unless they
     have a wider engagement in the project, and they are therefore
     excluded from any ooo-private discussions.  Yet, it seems to me
     that it is entirely reasonable that anyone contributing to this
     discussion should at least have a working knowledge of how the
     forums operate in practice and currently govern themselves.  So I
     do think it necessary as well.


This is incorrect.  We're obviously discussing the policy on the
public list.  We have not discussed this on ooo-private.  Discussion
of policy regarding the treatment of confidential information is
itself not confidential.  In fact, such discussions should probably
always be public.

You are also incorrect in your assumption that volunteers need to
contribute in several areas in order to be committers.  Someone who
makes substantial contributions as a support forum moderator could
make a great committer candidate.  Ditto for a documentation writer, a
tester, a translator, etc.  Committers are not just coders.  It is
about commitment to the project.

You are suggesting two problems:

1) We have forum moderators who understand how the forums work, but
have not made visible contributions to the project yet, so they are
not currently being nominated as committers.

2) We have committers who are not familiar with how the forum operates.

And I'm raising the 3rd issue:

3) How the forum operates  should not be something that occurs in private.

There is a clear solution here:

1) Have those who understand how the forum operates today write this
up in detail as a contribution to the project's website

2) This would help other committers understand how this works and
avoids the newbie problem you are concerned with, though we are
probably not half as dumb as you seem to be assuming.  I, for example,
have run a phpBB board before.

3) This also gives the PPMC and Mentors an opportunity to review the
forum procedures and ensure they conform Apache expectations, etc.
This is something we should be doing anyways.

4) This effort, both in writing up the procedures, and educating the
existing committers, and through this mutual discussion, would
probably be a sufficient sign of commitment to get the moderators who
are do this work to be nominated as project committers.

So a win-win situation, all around.

-Rob

Re: Request dev help: Info for required crypto export declaration

2011-09-01 Thread Donald Whytock

On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote:
 On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
 robertburrelldon...@gmail.com wrote:
 Following the instructions[3], step 1 is to work out whether OOo has
 any unusual cryptography beyond ECCN 5D002, which is:

 blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
 production or use of any of the other software of this list, or
 software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
 excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
 algorithm is based on: factorization of integers in excess of 512 bits
 (e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
 Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
 excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
 /blockquote

 Does OOo rely on cryptography more exotic than this?


 That is where it seems backwards to me.  If I'm reading this
 correctly, we are OK if we use a symmetrical algorithm with key length
 greater than (in excess of) 56-bits.  But if we use an algorithm,
 with less thanb 56-bits we're considered exotic?  Really?

 For example, Calc has a ROT13() spreadsheet function, which
 undoubtedly is a weak symmetrical encryption technique, certainly not
 one with a key length in excess of 56-bits.

 So what now?  In other words, I'm puzzled by the in excess part.
 They seem to be saying that strong encryption is regulated less than
 weak encryption.

 Could you explain where I'm getting this wrong?


It looks to me like the key phrase is any unusual cryptography beyond
ECCN 5D002, and the definition of that phrase is the cited block, as
opposed to the cited block being a definition of ECCN 5D002.

I am having a remarkably hard time finding a definition of ECCN 5D002.

Don

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock dwhyt...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote:
 On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
 robertburrelldon...@gmail.com wrote:
 Following the instructions[3], step 1 is to work out whether OOo has
 any unusual cryptography beyond ECCN 5D002, which is:

 blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
 production or use of any of the other software of this list, or
 software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
 excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
 algorithm is based on: factorization of integers in excess of 512 bits
 (e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
 Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
 excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
 /blockquote

 Does OOo rely on cryptography more exotic than this?


 That is where it seems backwards to me.  If I'm reading this
 correctly, we are OK if we use a symmetrical algorithm with key length
 greater than (in excess of) 56-bits.  But if we use an algorithm,
 with less thanb 56-bits we're considered exotic?  Really?

 For example, Calc has a ROT13() spreadsheet function, which
 undoubtedly is a weak symmetrical encryption technique, certainly not
 one with a key length in excess of 56-bits.

 So what now?  In other words, I'm puzzled by the in excess part.
 They seem to be saying that strong encryption is regulated less than
 weak encryption.

 Could you explain where I'm getting this wrong?


 It looks to me like the key phrase is any unusual cryptography beyond
 ECCN 5D002, and the definition of that phrase is the cited block, as
 opposed to the cited block being a definition of ECCN 5D002.

 I am having a remarkably hard time finding a definition of ECCN 5D002.

EAR 740.13(e) should be on
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13

Robert

RE: An invitation to committers to the OOo Community Forums

Rob,

I believe Terry is talking about the openoffice.org domain in situ and the 
existing OOo forums there.  This has nothing to do with anything under Apache 
ooo custody at this time, nor does it have anything to do with the test version 
he has running in order to learn how to port.  It was an offer to provide any 
interim support on the live openoffice.org forums, and understand their 
administration ther, not anything on Apache.

I assume that the rights that Terry Ellison has on openoffice.org is not 
anything that were conferred to him via the ASF.

I believe that there is no policy matter here, and if it is it is between 
Oracle and Terry and those Terry approves to be there.

 - Dennis

POLICY MATTERS THREADS

There is certainly a policy matter on how administration is done on a port to 
Apache if we insist on operating it on an apache.org domain.

There is a different policy matter, but still one, if we continue to operate it 
on the openoffice.org domain even though hosted in some sanitary way on Apache 
infrastructure.

We already have unresolved discussions on other threads concerning that.

-Original Message-
From: Rob Weir [mailto:robw...@apache.org] 
Sent: Thursday, September 01, 2011 11:05
To: ooo-dev@incubator.apache.org
Subject: Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 1:56 PM, Terry Ellison te...@ellisons.org.uk wrote:
 Rob,

 This was a polite invitation to committers if they wanted to see how the
 forums operate.  I will take your -1 to mean that you don't want to take me
 up on the offer.


Let me be clearer then.  The -1 is to your proposal to invite
committers and assign them permissions to a private forum.  This is
not a technical objection, but a policy objection.  Please do not take
further steps on this until we can get a Mentor to weigh in on.

Thanks,

-Rob

 Your reply is a valid topic but entirely off *this* topic.  Unfortunately
 since this is a DL and not a forum, I can't move this to new topic which
 relates to your point.  However, if you care to make this on another thread
 on the topic you discuss, then I will reply there.

 Can we try to maintain some thread discipline, please?

 Regards
 Terry

 On 01/09/11 17:59, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 12:46 PM, Terry Ellisonte...@ellisons.org.uk
  wrote:

 Anyone is able to join the OOo Community forums, but we also have a
 number
 of closed forums use for internal management of the site.  If any
 committers
 would like to have access to these, then just make sure that they've got
 an
 active account on the current production service (not
 ooo-forums.apache.org)
 and email me me from it requesting access.  I will then raise you to
 volunteer so that you can see the main closed forums.

 -1

 I propose that we eliminate any such internal management forums...snip

Re: Request dev help: Info for required crypto export declaration

So in general OpenOffice supports encryption and digital signatures
and https/SSL. So we have support for standard algorithms, from
one-way hashes like SHA-1, to block encryption like Blowfish and
AES-256, to public key cryptography per the W3C's XML Digital
Signatures. We also support legacy Microsoft Office encryption
algorithms that are generally weaker and used only for backwards
compatibility.

I'm not a crypto expert, so I'm not sure what something exotic would
look like. I think the strongest thing we have is AES-256.

-Rob

On Thu, Sep 1, 2011 at 3:25 PM, Robert Burrell Donkin
robertburrelldon...@gmail.com wrote:
On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock dwhyt...@gmail.com wrote:
On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote:
On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
robertburrelldon...@gmail.com wrote:
Following the instructions[3], step 1 is to work out whether OOo has
any unusual cryptography beyond ECCN 5D002, which is:

blockquote cite='http://www.apache.org/dev/crypto.html#classify
Software specially designed or modified for the development,
production or use of any of the other software of this list, or
software designed to certify other software on this list; or
Software using a symmetric algorithm employing a key length in
excess of 56-bits; or
Software using an asymmetric algorithm where the security of the
algorithm is based on: factorization of integers in excess of 512 bits
(e.g., RSA), computation of discrete logarithms in a multiplicative
group of a finite field of size greater than 512 bits (e.g.,
Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
/blockquote

Does OOo rely on cryptography more exotic than this?

That is where it seems backwards to me. If I'm reading this
correctly, we are OK if we use a symmetrical algorithm with key length
greater than (in excess of) 56-bits. But if we use an algorithm,
with less thanb 56-bits we're considered exotic? Really?

For example, Calc has a ROT13() spreadsheet function, which
undoubtedly is a weak symmetrical encryption technique, certainly not
one with a key length in excess of 56-bits.

So what now? In other words, I'm puzzled by the in excess part.
They seem to be saying that strong encryption is regulated less than
weak encryption.

Could you explain where I'm getting this wrong?

It looks to me like the key phrase is any unusual cryptography beyond
ECCN 5D002, and the definition of that phrase is the cited block, as
opposed to the cited block being a definition of ECCN 5D002.

I am having a remarkably hard time finding a definition of ECCN 5D002.

EAR 740.13(e) should be on
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13

Robert

RE: Administrative controls / management of the mailing lists

Um, so your answer is no?

You do not have any means to deal with that mailing list issue on the live 
openoffice.org site?

Any suggestions?

 - Dennis

-Original Message-
From: Terry Ellison [mailto:te...@ellisons.org.uk] 
Sent: Thursday, September 01, 2011 12:04
To: dennis.hamil...@acm.org
Cc: ooo-dev@incubator.apache.org
Subject: Administrative controls / management of the mailing lists

Dennis,

As we've discussed previously there is almost a religious split 
between those that work on forums and those that work on MLs and DLs. 
Very few of those involved in the governance of the forums would have 
anything to do with DLs/MLs and v.v.

However, what you are really talking about is a configuration issue of 
the mail forwarder.  It's more an application issue if we get control of 
the application support.  I have exactly the same issues with my mail 
responder that is built into the forums.

 Terry, do you know if those administrative controls extend to the 
 management of the mailing lists, such as the ones for 
 http://fr.openoffice.org (apparently at 
 http://openoffice.org/projects/fr/lists).

 Do you have any information on how we can empower someone to block a 
 bad echo?

 Every post to the more-heavily-populated lists there generates three 
 notices from service-clie...@sc.sfr.fr. Then we need to find the 
 subscribers whose e-mail addresses are landing at the responding site 
 and disable those.

 I also fear that there is nothing in our planned work to preserve 
 these portions of the openoffice.org domain.

 - Dennis

 -Original Message-
 From: Terry Ellison [mailto:te...@ellisons.org.uk]
 Sent: Thursday, September 01, 2011 09:47
 To: ooo-dev@incubator.apache.org
 Subject: An invitation to committers to the OOo Community Forums

 Anyone is able to join the OOo Community forums, but we also have a
 number of closed forums use for internal management of the site. If any
 committers would like to have access to these, then just make sure that
 they've got an active account on the current production service (not
 ooo-forums.apache.org) and email me me from it requesting access. I
 will then raise you to volunteer so that you can see the main closed
 forums.

 Please note: the forum rules apply to all and all volunteers are
 expected to follow them -- including me or any other committer.

 Regards
 Terry

Re: [ooo-user] was RE: us...@openoffice.org [Was: Re: [Discussion] d...@openoffice.org]

2011-09-01 Thread Manfred A. Reiter

2011/8/31 Rob Weir r...@robweir.com:
 On Wed, Aug 31, 2011 at 2:51 PM, Manfred A. Reiter ma.rei...@gmail.com 
 wrote:
 2011/8/31 Rob Weir robw...@apache.org:
 Something else to think about for the ooo-users list: file attachments.


 The experience with the german OOo-users list have shown
 that attachments should be banned. Today it is not an art piece
 to save a file in net and refer to a link to it.


 Did you give the users some sort of automated error message if they
 tried to add an attachment?

 That is the part that concerns me, that we silently strip the
 attachments.  This will just lead to increased noise:

 1) User posts message with attempted attachment

 2) User notices attachment is missing and sends the note again, saying
 sorry, I forget the attachment (Users often blame themselves)

 3) Seeing the attachment is not there again, they are angry and post
 another note, saying, Where the #%$% is my attachment

 4) Helpful support person comes in and says that attachments are not
 allowed and points them to alternatives file sharing mechanisms.


I think all questions are answered ... during my rest and a day of
hard work in the fruit plot ;-)
... only to know, we had a weekly pointer ...
to educate people on the users list ... and it worked fine

http://openoffice.org/projects/de/lists/users/archive/2010-03/message/0

a rough translation from google translate :

-- -
The etiquette of us...@de.openoffice.org-Mailingliste
-- -


What is it about?
-- -

Did you end up on a mailing list with a sometimes very high
Registered mail traffic. To a smooth handling
to allow this mass of mails that have some
Agreements proved. You will of the majority of participants
accepted and applied.

It is not to prescribe anything to anybody. Who
reads the rules will soon realize that all their meaning
have and simplify the handling of the list for all. However
opens up this sense is not always immediate. Wants this email
provide clarity.

A more detailed version of this text with many other
Tips can be found under
http://www.eschkitai.de/openoffice/netikette.html;.



The eight golden rules for good contributions:
-- -

1st Helping people help themselves
2nd Give your real name
3rd For each question, please create a new mail
4th Answers shorten useful
5th Watch for good readability
6th Feedback in the form of a summary
7th Properly configure the mail program
8th Do not send attachments to the list



The main points in detail:
-- -

# # 1 # # # # to help themselves

Try first of all on-line help for OpenOffice.org
To find help. Try more keywords from the index,
not always the first hit or sit, the term,
you chose, or your problem.

You can find instructions in the documentation portal to individual
Modules, support for installation and answers to frequently
Asked Questions (FAQ): http://de.openoffice.org/doc/

The left-hand navigation bar provides a search function. Try them
out.

The sides of the international project
Help (http://www.openoffice.org/) more. Although in English,
they describe exactly those issues, as they also
encounters, and often very evident.

Additional help can be found on pages
Directory of OpenOffice.org (http://www.ooo-portal.de/)
the OpenOffice.org forum (http://de.openoffice.info/) and
the OpenOffice.org Wiki (http://www.ooowiki.de/).
A look to it worthwhile.

Maybe your question is already on the mailing list
been asked and answered. In this case, a look into the
Archive, which under
http://de.openoffice.org/servlets/SummarizeList?listName=users or
http://www.mail-archive.com/users% to find 40de.openoffice.org
is.

If you solve your problem with these aids do not already own
could, but this preliminary work will allow you, your concerns
to describe precisely, and help provide answers to your question
to understand better. Then you should also dig deeper to some
slight fall.

Please do not forget to tell your readers, which version
OpenOffice.org and what operating system you work.

Finally, you can find under
http://de.openoffice.org/about-ooo/about-users-mailinglist.html
further guidance on using the mailing list and to
Logging in and out.


# # 2 # # # # Enter your real name

Please enter your first and last name in the From: line. We
like to know with whom we converse. In real life is
you look so well with the name before and forges links to
others. We find the mention of the name helps solve that
is from an anonymous group of users, a community.


3 # # # # # # For each question, please create a new mail

Participants often use the _Antwortfunktion_ the mail program,
to start a new topic. They delete the quotation as
the imported content and the subject. Remain at

Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote:
 On 01/09/11 20:14, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk
 wrote:

 OK, Rob, I now understand your point.  I will do as you request.
  However,
 it seems to me that by making this request you are creating an
 interesting
 catch-22:  I far as I can see there are two facets to this invitation.

  * *Sufficiency*.  These forums are closed because this gives the
    attendees freedom to discuss matters (such as individual poster
    behaviour) that shouldn't be discussed on a public forum.  We only
    invite trusted forum members to join these lists.  (That's is
    that they've demonstrated that they are responsible and have built
    up a body of karma with their forum contributions.)  I would
    have thought that being elected a committer could reasonably be
    deemed to be sufficient to show such trust.

  * *Necessity*.  You seem to want to discuss policy on the governance
    of the forums from within this DL or ooo-private.  I also recall
    some of your previous comments which indicate that these people
    (who have committed hundreds if not thousands of hours to
    supporting this service) do not merit committer status unless they
    have a wider engagement in the project, and they are therefore
    excluded from any ooo-private discussions.  Yet, it seems to me
    that it is entirely reasonable that anyone contributing to this
    discussion should at least have a working knowledge of how the
    forums operate in practice and currently govern themselves.  So I
    do think it necessary as well.


 This is incorrect. We're obviously discussing the policy on the
 public list. We have not discussed this on ooo-private. Discussion
 of policy regarding the treatment of confidential information is
 itself not confidential. In fact, such discussions should probably
 always be public.

 You are also incorrect in your assumption that volunteers need to
 contribute in several areas in order to be committers. Someone who
 makes substantial contributions as a support forum moderator could
 make a great committer candidate. Ditto for a documentation writer, a
 tester, a translator, etc. Committers are not just coders. It is
 about commitment to the project.

 You are suggesting two problems:

 1) We have forum moderators who understand how the forums work, but
 have not made visible contributions to the project yet, so they are
 not currently being nominated as committers.

 2) We have committers who are not familiar with how the forum operates.

 And I'm raising the 3rd issue:

 3) How the forum operates should not be something that occurs in private.

 There is a clear solution here:

 1) Have those who understand how the forum operates today write this
 up in detail as a contribution to the project's website

 2) This would help other committers understand how this works and
 avoids the newbie problem you are concerned with, though we are
 probably not half as dumb as you seem to be assuming. I, for example,
 have run a phpBB board before.

 The issue isn't about phpBB, its more about we operate *these* forums.

 3) This also gives the PPMC and Mentors an opportunity to review the
 forum procedures and ensure they conform Apache expectations, etc.
 This is something we should be doing anyways.

 4) This effort, both in writing up the procedures, and educating the
 existing committers, and through this mutual discussion, would
 probably be a sufficient sign of commitment to get the moderators who
 are do this work to be nominated as project committers.

 So a win-win situation, all around.

 Rob, I think that on your last comments we are lot closer than on your first
 reply.  However, we can either choose to make this change:

 A) a disruptive one: that is we lay down some (from the perspective of the
 volunteers who are currently doing this work) arbitrary and seemly
 irrational new rules on a love it or leave it basis.  In my experience many
 or most will leave given this sort of diktat.  It's a good way to kill off a
 service.

 B) an evolutionary one: that is we engage constructively and get to
 understand the range of perspectives then move the service incrementally to
 an end-point that is mutually acceptable.

 In my experience many or most supporters will leave when faced with the (A)
 sort of diktat. (B) works a LOT better, especially when the people involved
 are making their commitments pro-bono. So I tend to feel that people who
 start with (A) really have an agenda of shutting down a service and those
 who start from (B) want it to prosper.


Transparency is not just a nice to have at Apache.  Transparency is
not irrational.  Transparency is not something we slowly evolve
towards in order to accommodate working habits of volunteers.
Transparency is fundamental about how we do things.

If operating transparently is seen as disruptive, then that may mean
that we are doing a

Re: An invitation to committers to the OOo Community Forums

On Thu, 2011-09-01 at 19:56 +0100, Terry Ellison wrote:
 OK, Rob, I now understand your point.  I will do as you request.  
 However, it seems to me that by making this request you are creating an 
 interesting catch-22:  I far as I can see there are two facets to this 
 invitation.
 
 * *Sufficiency*.  These forums are closed because this gives the
   attendees freedom to discuss matters (such as individual poster
   behaviour) that shouldn't be discussed on a public forum.  We only
   invite trusted forum members to join these lists.  (That's is
   that they've demonstrated that they are responsible and have built
   up a body of karma with their forum contributions.)  I would
   have thought that being elected a committer could reasonably be
   deemed to be sufficient to show such trust.
 
 * *Necessity*.  You seem to want to discuss policy on the governance
   of the forums from within this DL or ooo-private.  I also recall
   some of your previous comments which indicate that these people
   (who have committed hundreds if not thousands of hours to
   supporting this service) do not merit committer status unless they
   have a wider engagement in the project, and they are therefore
   excluded from any ooo-private discussions.  Yet, it seems to me
   that it is entirely reasonable that anyone contributing to this
   discussion should at least have a working knowledge of how the
   forums operate in practice and currently govern themselves.  So I
   do think it necessary as well.
 
 Hence in my view, this invitation makes eminent sense.  Is your counter 
 proposal that only committers who are entirely ignorant of how the 
 forums work should decided on their future governance and existence?  I 
 feel that most Europeans would regard this as a typical American 
 attitude to the rest of the world ;)

Could of done with out the last line there Terry, IMO, even if Rob comes
on a bit strong at times.

Anyway - given that the status of the forums is in reality changing,
finally, it makes sense that it is also open of review by the PPMC.

First what I think are the easy cases.

There are three closed boards per language level forum that I submit
need to remain closed.

The first is named forum-admin, but this can be a bit of misnomer. It's
purpose is quite simple, emails sent to the admin mailing address are
handled by a semi-automated process.

1) An email auto responder emails back a canned message, crafted over
time that explains simple problem solving steps the user can take on
their own. This tends to clear a very large majority of issues without
further intervention.

2) The full email is posted to the forum-admin board along with the
users email address. This is the only board on the site where the email
address is given in clear text.

Every moderator can see that board and is asked to take a part in
reviewing these requests - if the problem is clearly handled by the
canned reply email no action is required. On the other hand if it is one
of the outliers and does require human intervention they can grab it, do
what they think needs dong and add a comment to the email showing what
they did.

This has worked out quite well over time.

The next closed board that needs to stay that way is the Quarantine
board. This board serves a dual purpose.

When any post is deleted on a public board, either by the posting user
or a moderator the post is moved to quarantine, rather then being
immediately removed from the database. 

As this point all moderators can view these deleted posts and a clock
starts. After three days if no action is taken the post is permanently
removed from the database. During this time however a post can be
restored. This happens from time to time with users accidentally
deleting a post, they just need to ask a moderator to un-delete it for
them.

In the case of obvious spam no one does anything and it just slides into
oblivion.

Now normally, if a moderator wants to remove a post for some cause they
would bring it up on the moderator list, but even if they didn't and
they just deleted a post the quarantine list then acts as a peer review
mechanism. Terry mentioned rules, this is a big one, a moderator can't
do something lie this without informing the group as a whole as to what
they did and why. (this includes removing 'obvious' spam...they still
must report the action) Again from time to time it is the judgment of
the larger group to reverse the individuals decision, in which case the
post is restored.

Rounding out this group of boards is the actual moderator board and that
is where these peer reviews and discussion on specific posts by named
users takes place. Although anyone can bring up whatever topic they want
on that board.

To the others on the list here that are admins and moderators at the
forums I would say, I agree with Rob - everything else should really be
open to all.

Anyway - hope that helps.

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 3:59 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 Let me see if I can help ground this.


Remember, the export could be of code, not just the binaries.  So if
we have code that does asymmetrical encryption, then we are exporting
that, even if in the binaries we call it only in the context of
digital signatures.  Or not.  That seems obvious to me, but IANAL

-Rob


 Currently, digest algorithms are used for a variety of things.  The common 
 case is SHA1.  These are not themselves a concern, as I understand it, since 
 their function is not directly related to encryption even though they come 
 into play in the use of encryption methods.

 There is no support for *document* *encryption* via asymmetric keys.  It is 
 not specified in ODF and there is no way to do it in current implementations 
 as far as I know.

 There is *password-based* *document* *encryption*.  The current default 
 procedure generates a 128-bit (symmetrical, of course) key via PBKDF2 using 
 HMAC-SHA1 and encrypts using Blowfish with 8-bit CFB.  There are provisions, 
 for ODF 1.2, to generate wider keys and use PBKDF2 with rng methods other 
 than HMAC-SHA1.  Substitutes for PBKDF2 and Blowfish are allowed but I don't 
 know the status of any implementation-dependent variations in OpenOffice.org. 
  I believe there are extensions in the builds but they are not currently 
 enabled in the standard distributions.

 There is support for digital signatures using PKI methodologies and those do, 
 of course, use *asymmetric encryption* as part of the signature procedure.  
 We need to catalog what those flavors are that are accepted and that are 
 produced.  Implementations are allowed considerable license in this area and 
 we need to inventory the actual support in OpenOffice.org.

 It is not clear to me that the asymmetrical encryption used for digital 
 signatures is a concern, but it is useful to have all of these methods 
 profiled and catalogued concerning their implementation in OpenOffice.org.  
 Comprehensive profiling of digital signature provisions is required to ensure 
 interoperability in any case.

 I am not aware of any other cases. There are proposals for some modest but 
 valuable modifications in ODF 1.3 and as possible implementation-dependent 
 introductions in products supporting earlier versions of ODF.  Any such 
 implementations would need to be identified too, although none of those I am 
 aware of introduce additional encryption algoritms.

  - Dennis

 -Original Message-
 From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com]
 Sent: Thursday, September 01, 2011 12:14
 To: ooo-dev@incubator.apache.org
 Subject: Re: Request dev help: Info for required crypto export declaration

 On Thu, Sep 1, 2011 at 8:00 PM, Rob Weir r...@robweir.com wrote:
 On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
 robertburrelldon...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:
 Please just do it this way:

 http://www.apache.org/dev/crypto.html

 ASF is very clear on what is required for *its* releases and this page 
 appears to be comprehensive.

 The Apache rules break down into reporting to users and notification.
 Informing users is important but notification is urgent (making source
 available [1] counts as export).

 (I finally found where I saw this before.  It has also been discussed here 
 or on the ooo-private list before.  I remembered it as being simpler than 
 it is.)

 (It looks worse than it is)

 Following the instructions[3], step 1 is to work out whether OOo has
 any unusual cryptography beyond ECCN 5D002, which is:

 blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
 production or use of any of the other software of this list, or
 software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
 excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
 algorithm is based on: factorization of integers in excess of 512 bits
 (e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
 Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
 excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
 /blockquote

 Does OOo rely on cryptography more exotic than this?


 That is where it seems backwards to me.  If I'm reading this
 correctly, we are OK if we use a symmetrical algorithm with key length
 greater than (in excess of) 56-bits.  But if we use an algorithm,
 with less thanb 56-bits we're considered exotic?  Really?

 Remember that we're only interested in strong cryptography :-)

 IIRC symmetric and asymmetric algorithms weaker than this are not
 considered strong cryptography, and so don't fall under ECCN 5D002.
 Cryptography which is

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 8:40 PM, Donald Whytock dwhyt...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 3:25 PM, Robert Burrell Donkin
 robertburrelldon...@gmail.com wrote:
 EAR 740.13(e) should be on
 http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13

 Robert


 Thanks, Robert.

 IANAL, but on that page I see reference to the phrase publicly
 available encryption source code.  ASF, by charter, is a repository
 of publicly available source code.  If OOo is officially an ASF
 project, does that take it out of the category of a product for export
 and into the category of publicly available source code?

As our source is publicly available, the TSU exception applies [1]

Robert

[1] http://www.apache.org/dev/crypto.html

RE: Request dev help: Info for required crypto export declaration

I'm not aware of any legacy encryption in non-ODF formats being supported on 
output or input.  I must try that.

Rob,

Is it your understanding that http is implemented directly in OpenOffice, or is 
the platform provider of http: and https: schemes relied upon?  I would be 
amazed to learn that OpenOffice.org deals with SSL certifications, but I guess 
I should be prepared for anything.

 - Dennis

-Original Message-
From: Rob Weir [mailto:robw...@apache.org] 
Sent: Thursday, September 01, 2011 12:32
To: ooo-dev@incubator.apache.org
Subject: Re: Request dev help: Info for required crypto export declaration

So in general OpenOffice supports encryption and digital signatures
and https/SSL.  So we have support for standard algorithms, from
one-way hashes like SHA-1, to block encryption like Blowfish and
AES-256,  to public key cryptography per the W3C's XML Digital
Signatures.   We also support legacy Microsoft Office encryption
algorithms that are generally weaker and used only for backwards
compatibility.

I'm not a crypto expert, so I'm not sure what something exotic would
look like.  I think the strongest thing we have is AES-256.

-Rob

On Thu, Sep 1, 2011 at 3:25 PM, Robert Burrell Donkin
robertburrelldon...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 8:18 PM, Donald Whytock dwhyt...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 3:00 PM, Rob Weir r...@robweir.com wrote:
 On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
 robertburrelldon...@gmail.com wrote:
 Following the instructions[3], step 1 is to work out whether OOo has
 any unusual cryptography beyond ECCN 5D002, which is:

 blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
 production or use of any of the other software of this list, or
 software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
 excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
 algorithm is based on: factorization of integers in excess of 512 bits
 (e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
 Diffie-Hellman over Z/pZ), or other discrete logarithms in a group in
 excess of 112 bits (e.g., Diffie-Hellman over an elliptic curve).
 /blockquote

 Does OOo rely on cryptography more exotic than this?


 That is where it seems backwards to me.  If I'm reading this
 correctly, we are OK if we use a symmetrical algorithm with key length
 greater than (in excess of) 56-bits.  But if we use an algorithm,
 with less thanb 56-bits we're considered exotic?  Really?

 For example, Calc has a ROT13() spreadsheet function, which
 undoubtedly is a weak symmetrical encryption technique, certainly not
 one with a key length in excess of 56-bits.

 So what now?  In other words, I'm puzzled by the in excess part.
 They seem to be saying that strong encryption is regulated less than
 weak encryption.

 Could you explain where I'm getting this wrong?


 It looks to me like the key phrase is any unusual cryptography beyond
 ECCN 5D002, and the definition of that phrase is the cited block, as
 opposed to the cited block being a definition of ECCN 5D002.

 I am having a remarkably hard time finding a definition of ECCN 5D002.

 EAR 740.13(e) should be on
 http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13

 Robert

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 8:59 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 Let me see if I can help ground this.

 Currently, digest algorithms are used for a variety of things.  The common 
 case is SHA1.  These are not themselves a concern, as I understand it, since 
 their function is not directly related to encryption even though they come 
 into play in the use of encryption methods.

AIUI only encryption is of concern

 There is no support for *document* *encryption* via asymmetric keys.  It is 
 not specified in ODF and there is no way to do it in current implementations 
 as far as I know.

Ok

 There is *password-based* *document* *encryption*.  The current default 
 procedure generates a 128-bit (symmetrical, of course) key via PBKDF2 using 
 HMAC-SHA1 and encrypts using Blowfish with 8-bit CFB.  There are provisions, 
 for ODF 1.2, to generate wider keys and use PBKDF2 with rng methods other 
 than HMAC-SHA1.  Substitutes for PBKDF2 and Blowfish are allowed but I don't 
 know the status of any implementation-dependent variations in OpenOffice.org. 
  I believe there are extensions in the builds but they are not currently 
 enabled in the standard distributions.

Sounds likely to be strong cryptography falling under 'Software using
a symmetric algorithm employing a key length in excess of 56-bits'

 There is support for digital signatures using PKI methodologies and those do, 
 of course, use *asymmetric encryption* as part of the signature procedure.  
 We need to catalog what those flavors are that are accepted and that are 
 produced.  Implementations are allowed considerable license in this area and 
 we need to inventory the actual support in OpenOffice.org.

+1

 It is not clear to me that the asymmetrical encryption used for digital 
 signatures is a concern, but it is useful to have all of these methods 
 profiled and catalogued concerning their implementation in OpenOffice.org.  
 Comprehensive profiling of digital signature provisions is required to ensure 
 interoperability in any case.

+1

 I am not aware of any other cases. There are proposals for some modest but 
 valuable modifications in ODF 1.3 and as possible implementation-dependent 
 introductions in products supporting earlier versions of ODF.  Any such 
 implementations would need to be identified too, although none of those I am 
 aware of introduce additional encryption algoritms.

So far, looks like OOo most likely has strong crypto but it's all
fairly standard stuff. We should press forward with the notification
required by law whilst auditing the code.

Robert

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 9:03 PM, Rob Weir r...@robweir.com wrote:
 On Thu, Sep 1, 2011 at 3:59 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:
 Let me see if I can help ground this.


 Remember, the export could be of code, not just the binaries.  So if
 we have code that does asymmetrical encryption, then we are exporting
 that, even if in the binaries we call it only in the context of
 digital signatures.  Or not.  That seems obvious to me, but IANAL

Also code intended to work with cryptography libraries (whether shipped or not)

Robert

Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 4:00 PM, drew d...@baseanswers.com wrote:
 On Thu, 2011-09-01 at 19:56 +0100, Terry Ellison wrote:
 OK, Rob, I now understand your point.  I will do as you request.
 However, it seems to me that by making this request you are creating an
 interesting catch-22:  I far as I can see there are two facets to this
 invitation.

     * *Sufficiency*.  These forums are closed because this gives the
       attendees freedom to discuss matters (such as individual poster
       behaviour) that shouldn't be discussed on a public forum.  We only
       invite trusted forum members to join these lists.  (That's is
       that they've demonstrated that they are responsible and have built
       up a body of karma with their forum contributions.)  I would
       have thought that being elected a committer could reasonably be
       deemed to be sufficient to show such trust.

     * *Necessity*.  You seem to want to discuss policy on the governance
       of the forums from within this DL or ooo-private.  I also recall
       some of your previous comments which indicate that these people
       (who have committed hundreds if not thousands of hours to
       supporting this service) do not merit committer status unless they
       have a wider engagement in the project, and they are therefore
       excluded from any ooo-private discussions.  Yet, it seems to me
       that it is entirely reasonable that anyone contributing to this
       discussion should at least have a working knowledge of how the
       forums operate in practice and currently govern themselves.  So I
       do think it necessary as well.

 Hence in my view, this invitation makes eminent sense.  Is your counter
 proposal that only committers who are entirely ignorant of how the
 forums work should decided on their future governance and existence?  I
 feel that most Europeans would regard this as a typical American
 attitude to the rest of the world ;)

 Could of done with out the last line there Terry, IMO, even if Rob comes
 on a bit strong at times.

 Anyway - given that the status of the forums is in reality changing,
 finally, it makes sense that it is also open of review by the PPMC.

 First what I think are the easy cases.

 There are three closed boards per language level forum that I submit
 need to remain closed.

 The first is named forum-admin, but this can be a bit of misnomer. It's
 purpose is quite simple, emails sent to the admin mailing address are
 handled by a semi-automated process.

 1) An email auto responder emails back a canned message, crafted over
 time that explains simple problem solving steps the user can take on
 their own. This tends to clear a very large majority of issues without
 further intervention.

 2) The full email is posted to the forum-admin board along with the
 users email address. This is the only board on the site where the email
 address is given in clear text.

 Every moderator can see that board and is asked to take a part in
 reviewing these requests - if the problem is clearly handled by the
 canned reply email no action is required. On the other hand if it is one
 of the outliers and does require human intervention they can grab it, do
 what they think needs dong and add a comment to the email showing what
 they did.

 This has worked out quite well over time.

 The next closed board that needs to stay that way is the Quarantine
 board. This board serves a dual purpose.

 When any post is deleted on a public board, either by the posting user
 or a moderator the post is moved to quarantine, rather then being
 immediately removed from the database.

 As this point all moderators can view these deleted posts and a clock
 starts. After three days if no action is taken the post is permanently
 removed from the database. During this time however a post can be
 restored. This happens from time to time with users accidentally
 deleting a post, they just need to ask a moderator to un-delete it for
 them.

 In the case of obvious spam no one does anything and it just slides into
 oblivion.

 Now normally, if a moderator wants to remove a post for some cause they
 would bring it up on the moderator list, but even if they didn't and
 they just deleted a post the quarantine list then acts as a peer review
 mechanism. Terry mentioned rules, this is a big one, a moderator can't
 do something lie this without informing the group as a whole as to what
 they did and why. (this includes removing 'obvious' spam...they still
 must report the action) Again from time to time it is the judgment of
 the larger group to reverse the individuals decision, in which case the
 post is restored.

 Rounding out this group of boards is the actual moderator board and that
 is where these peer reviews and discussion on specific posts by named
 users takes place. Although anyone can bring up whatever topic they want
 on that board.


I could see an operational need for the first two.  They are not used
as

RE: Request dev help: Info for required crypto export declaration

I am not making a judgment in the case of encryption used as part of 
digital-signature PKI-based methods.  We need to identify them regardless.  

I also don't know if those particular encryptions are done in OpenOffice.org 
code or are handled by the platforms at runtime.  This might vary depending on 
the platform.  We need to comprehend such variations for interoperability 
purposes as well.

 - Dennis

-Original Message-
From: rabas...@gmail.com [mailto:rabas...@gmail.com] On Behalf Of Rob Weir
Sent: Thursday, September 01, 2011 13:03
To: ooo-dev@incubator.apache.org
Subject: Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 3:59 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 Let me see if I can help ground this.


Remember, the export could be of code, not just the binaries.  So if
we have code that does asymmetrical encryption, then we are exporting
that, even if in the binaries we call it only in the context of
digital signatures.  Or not.  That seems obvious to me, but IANAL

-Rob


 Currently, digest algorithms are used for a variety of things.  The common 
 case is SHA1.  These are not themselves a concern, as I understand it, since 
 their function is not directly related to encryption even though they come 
 into play in the use of encryption methods.

 There is no support for *document* *encryption* via asymmetric keys.  It is 
 not specified in ODF and there is no way to do it in current implementations 
 as far as I know.

 There is *password-based* *document* *encryption*.  The current default 
 procedure generates a 128-bit (symmetrical, of course) key via PBKDF2 using 
 HMAC-SHA1 and encrypts using Blowfish with 8-bit CFB.  There are provisions, 
 for ODF 1.2, to generate wider keys and use PBKDF2 with rng methods other 
 than HMAC-SHA1.  Substitutes for PBKDF2 and Blowfish are allowed but I don't 
 know the status of any implementation-dependent variations in OpenOffice.org. 
  I believe there are extensions in the builds but they are not currently 
 enabled in the standard distributions.

 There is support for digital signatures using PKI methodologies and those do, 
 of course, use *asymmetric encryption* as part of the signature procedure.  
 We need to catalog what those flavors are that are accepted and that are 
 produced.  Implementations are allowed considerable license in this area and 
 we need to inventory the actual support in OpenOffice.org.

 It is not clear to me that the asymmetrical encryption used for digital 
 signatures is a concern, but it is useful to have all of these methods 
 profiled and catalogued concerning their implementation in OpenOffice.org.  
 Comprehensive profiling of digital signature provisions is required to ensure 
 interoperability in any case.

 I am not aware of any other cases. There are proposals for some modest but 
 valuable modifications in ODF 1.3 and as possible implementation-dependent 
 introductions in products supporting earlier versions of ODF.  Any such 
 implementations would need to be identified too, although none of those I am 
 aware of introduce additional encryption algoritms.

  - Dennis

 -Original Message-
 From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com]
 Sent: Thursday, September 01, 2011 12:14
 To: ooo-dev@incubator.apache.org
 Subject: Re: Request dev help: Info for required crypto export declaration

 On Thu, Sep 1, 2011 at 8:00 PM, Rob Weir r...@robweir.com wrote:
 On Thu, Sep 1, 2011 at 2:51 PM, Robert Burrell Donkin
 robertburrelldon...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 7:38 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:
 Please just do it this way:

 http://www.apache.org/dev/crypto.html

 ASF is very clear on what is required for *its* releases and this page 
 appears to be comprehensive.

 The Apache rules break down into reporting to users and notification.
 Informing users is important but notification is urgent (making source
 available [1] counts as export).

 (I finally found where I saw this before.  It has also been discussed here 
 or on the ooo-private list before.  I remembered it as being simpler than 
 it is.)

 (It looks worse than it is)

 Following the instructions[3], step 1 is to work out whether OOo has
 any unusual cryptography beyond ECCN 5D002, which is:

 blockquote cite='http://www.apache.org/dev/crypto.html#classify
   Software specially designed or modified for the development,
 production or use of any of the other software of this list, or
 software designed to certify other software on this list; or
   Software using a symmetric algorithm employing a key length in
 excess of 56-bits; or
   Software using an asymmetric algorithm where the security of the
 algorithm is based on: factorization of integers in excess of 512 bits
 (e.g., RSA), computation of discrete logarithms in a multiplicative
   group of a finite field of size greater than 512 bits (e.g.,
 Diffie-Hellman over Z/pZ), or

RE: An invitation to committers to the OOo Community Forums

This should really be on its own thread as Terry requested.

In any case, I believe the private forums are for roughly the same reasons that 
the PPMC list is private.  The administrators address disputes, deal with bad 
behavior, etc.

I notice that moderator actions on lists here are not dealt with 
transparently and why should they be?  We don't even know who the moderators 
are, in general, especially for lists created before there were any lists on 
which to learn such things.

I believe this is similar, in that there are moderation privileges and a place 
for those with such privileges to discuss matters in private.  If not there 
already, it would be easy to have a public forum in each cluster for issues 
about the forum itself.  There still needs a private means of communication on 
what are sensitive matters, in the current live system and any counterpart 
under Apache auspices.

 - Dennis

-Original Message-
From: Rob Weir [mailto:robw...@apache.org] 
Sent: Thursday, September 01, 2011 12:59
To: ooo-dev@incubator.apache.org
Subject: Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote:
 On 01/09/11 20:14, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk
 wrote:

 OK, Rob, I now understand your point.  I will do as you request.
  However,
 it seems to me that by making this request you are creating an
 interesting
 catch-22:  I far as I can see there are two facets to this invitation.

  * *Sufficiency*.  These forums are closed because this gives the
attendees freedom to discuss matters (such as individual poster
behaviour) that shouldn't be discussed on a public forum.  We only
invite trusted forum members to join these lists.  (That's is
that they've demonstrated that they are responsible and have built
up a body of karma with their forum contributions.)  I would
have thought that being elected a committer could reasonably be
deemed to be sufficient to show such trust.

  * *Necessity*.  You seem to want to discuss policy on the governance
of the forums from within this DL or ooo-private.  I also recall
some of your previous comments which indicate that these people
(who have committed hundreds if not thousands of hours to
supporting this service) do not merit committer status unless they
have a wider engagement in the project, and they are therefore
excluded from any ooo-private discussions.  Yet, it seems to me
that it is entirely reasonable that anyone contributing to this
discussion should at least have a working knowledge of how the
forums operate in practice and currently govern themselves.  So I
do think it necessary as well.


 This is incorrect. We're obviously discussing the policy on the
 public list. We have not discussed this on ooo-private. Discussion
 of policy regarding the treatment of confidential information is
 itself not confidential. In fact, such discussions should probably
 always be public.

 You are also incorrect in your assumption that volunteers need to
 contribute in several areas in order to be committers. Someone who
 makes substantial contributions as a support forum moderator could
 make a great committer candidate. Ditto for a documentation writer, a
 tester, a translator, etc. Committers are not just coders. It is
 about commitment to the project.

 You are suggesting two problems:

 1) We have forum moderators who understand how the forums work, but
 have not made visible contributions to the project yet, so they are
 not currently being nominated as committers.

 2) We have committers who are not familiar with how the forum operates.

 And I'm raising the 3rd issue:

 3) How the forum operates should not be something that occurs in private.

 There is a clear solution here:

 1) Have those who understand how the forum operates today write this
 up in detail as a contribution to the project's website

 2) This would help other committers understand how this works and
 avoids the newbie problem you are concerned with, though we are
 probably not half as dumb as you seem to be assuming. I, for example,
 have run a phpBB board before.

 The issue isn't about phpBB, its more about we operate *these* forums.

 3) This also gives the PPMC and Mentors an opportunity to review the
 forum procedures and ensure they conform Apache expectations, etc.
 This is something we should be doing anyways.

 4) This effort, both in writing up the procedures, and educating the
 existing committers, and through this mutual discussion, would
 probably be a sufficient sign of commitment to get the moderators who
 are do this work to be nominated as project committers.

 So a win-win situation, all around.

 Rob, I think that on your last comments we are lot closer than on your first
 reply.  However, we can either choose to make this change:

 A) a disruptive one: that is we lay down some (from

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 4:11 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
I'm not aware of any legacy encryption in non-ODF formats being supported
on output or input. I must try that.

Rob,

Is it your understanding that http is implemented directly in OpenOffice, or
is the platform provider of http: and https: schemes relied upon? I would be
amazed to learn that OpenOffice.org deals with SSL certifications, but I
guess I should be prepared for anything.

It is still declarable even if we are simply enabled for using a 3rd
party service. So, for example, if we make calls into an OS-level URL
protocol handler that negotiates SSL for https URL's, then that would
count. That is my reading of it.

- Dennis

-Original Message-
From: Rob Weir [mailto:robw...@apache.org]
Sent: Thursday, September 01, 2011 12:32
To: ooo-dev@incubator.apache.org
Subject: Re: Request dev help: Info for required crypto export declaration

I'm not a crypto expert, so I'm not sure what something exotic would
look like. I think the strongest thing we have is AES-256.

-Rob

Does OOo rely on cryptography more exotic than this?

For example, Calc has a ROT13() spreadsheet function, which
undoubtedly is a weak symmetrical encryption technique, certainly not
one with a key length in excess of 56-bits.

So what now? In other words, I'm puzzled by the in excess part.
They seem to be saying that strong encryption is regulated less than
weak encryption.

Could you explain where I'm getting this wrong?

It looks to me like the key phrase is any unusual cryptography beyond
ECCN 5D002, and the definition of that phrase is the cited block, as
opposed to the cited block being a definition of ECCN 5D002.

I am having a remarkably hard time finding a definition of ECCN 5D002.

EAR 740.13(e) should be on
http://ecfr.gpoaccess.gov/cgi/t/text/text-idx?c=ecfrsid=bad7a54a31430303e17ce648c13e51b3rgn=div5view=textnode=15:2.1.3.4.25idno=15#15:2.1.3.4.25.0.1.13

Robert

RE: Request dev help: Info for required crypto export declaration

Technically, this was to have been resolved before the code was put up on SVN.  
We need to audit specifically for this rather quickly, and including the places 
that Rob also identified (import-export filters and http TLS). 

 - Dennis

-Original Message-
From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com] 
Sent: Thursday, September 01, 2011 13:13
To: ooo-dev@incubator.apache.org; dennis.hamil...@acm.org
Subject: Re: Request dev help: Info for required crypto export declaration

[ ... ]

So far, looks like OOo most likely has strong crypto but it's all
fairly standard stuff. We should press forward with the notification
required by law whilst auditing the code.

Robert

Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 4:29 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 This should really be on its own thread as Terry requested.

 In any case, I believe the private forums are for roughly the same reasons 
 that the PPMC list is private.  The administrators address disputes, deal 
 with bad behavior, etc.


But that fact is we don't use ooo-private for that kind of thing.  You
know that.  We've never, ever discussed a bad behavior, dealt with
disputes, etc., on ooo-private.We resolve disputes here, on
ooo-dev, in full public view.  Why would you suggest that we have ever
done otherwise?

 I notice that moderator actions on lists here are not dealt with 
 transparently and why should they be?  We don't even know who the 
 moderators are, in general, especially for lists created before there were 
 any lists on which to learn such things.


We don't do moderation in the sense that the forums do.  We don't hold
back posts that are off-topic, that are showing bad behavior, etc.
That is not what list moderators do.  All we really do is catch posts
that come from non-subscribers and do a quick glance to see if they
are spam.  If not, we let them through.If you read Drew's
description of how the forums are dealing with moderation, it sounds
like they have a much more intense, secret, deliberative process
around moderation.

 I believe this is similar, in that there are moderation privileges and a 
 place for those with such privileges to discuss matters in private.  If not 
 there already, it would be easy to have a public forum in each cluster for 
 issues about the forum itself.  There still needs a private means of 
 communication on what are sensitive matters, in the current live system and 
 any counterpart under Apache auspices.


We have such a method, if it were needed.  It is called ooo-private.
If we think that 30 private forums are needed in order to discuss bad
behavior in support posts (3 forums per each of 10 languages) then I
think we're doing support moderation wrong.

-Rob

  - Dennis

 -Original Message-
 From: Rob Weir [mailto:robw...@apache.org]
 Sent: Thursday, September 01, 2011 12:59
 To: ooo-dev@incubator.apache.org
 Subject: Re: An invitation to committers to the OOo Community Forums

 On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote:
 On 01/09/11 20:14, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk
 wrote:

 OK, Rob, I now understand your point.  I will do as you request.
  However,
 it seems to me that by making this request you are creating an
 interesting
 catch-22:  I far as I can see there are two facets to this invitation.

  * *Sufficiency*.  These forums are closed because this gives the
    attendees freedom to discuss matters (such as individual poster
    behaviour) that shouldn't be discussed on a public forum.  We only
    invite trusted forum members to join these lists.  (That's is
    that they've demonstrated that they are responsible and have built
    up a body of karma with their forum contributions.)  I would
    have thought that being elected a committer could reasonably be
    deemed to be sufficient to show such trust.

  * *Necessity*.  You seem to want to discuss policy on the governance
    of the forums from within this DL or ooo-private.  I also recall
    some of your previous comments which indicate that these people
    (who have committed hundreds if not thousands of hours to
    supporting this service) do not merit committer status unless they
    have a wider engagement in the project, and they are therefore
    excluded from any ooo-private discussions.  Yet, it seems to me
    that it is entirely reasonable that anyone contributing to this
    discussion should at least have a working knowledge of how the
    forums operate in practice and currently govern themselves.  So I
    do think it necessary as well.


 This is incorrect. We're obviously discussing the policy on the
 public list. We have not discussed this on ooo-private. Discussion
 of policy regarding the treatment of confidential information is
 itself not confidential. In fact, such discussions should probably
 always be public.

 You are also incorrect in your assumption that volunteers need to
 contribute in several areas in order to be committers. Someone who
 makes substantial contributions as a support forum moderator could
 make a great committer candidate. Ditto for a documentation writer, a
 tester, a translator, etc. Committers are not just coders. It is
 about commitment to the project.

 You are suggesting two problems:

 1) We have forum moderators who understand how the forums work, but
 have not made visible contributions to the project yet, so they are
 not currently being nominated as committers.

 2) We have committers who are not familiar with how the forum operates.

 And I'm raising the 3rd issue:

 3) How the forum operates should not be something that occurs in private.

Re: draft blog post on the Linux build education event

On Thu, Sep 1, 2011 at 3:40 PM, Manfred A. Reiter ma.rei...@gmail.com wrote:
 thanks for the link. it works fine.
 blog looks nice and we will what happens next wednesday ;-)


It will be interesting.  I just did a fresh install of Ubuntu 11.04,
totally default, virgin, no extra apt-get's.   I'll do the install on
that, to make sure we have a good list of what would need to be done
to a clean install.


 M.

 2011/9/1 Rob Weir robw...@apache.org:
 On Thu, Sep 1, 2011 at 1:50 PM, Joe Schaefer joe_schae...@yahoo.com wrote:


 http://www.apache.org/dev/blogs.html describes the
 (public) preview url for blog articles.



 Thanks for the hint, Joe.

 If I understood it correctly, this version should be viewable.  It
 works for me, but you never know when persistent cookies are playing
 tricks with you.

 http://blogs.apache.org/preview/OOo/?previewEntry=apache_openoffice_org_developer_education

 -Rob

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 Technically, this was to have been resolved before the code was put up on 
 SVN.  We need to audit specifically for this rather quickly, and including 
 the places that Rob also identified (import-export filters and http TLS).

I definitely recommend a full crypto audit but IIRC it's not necessary
before sending the initial notification.

AIUI (from [1] and [2]) all that's needed is a list of the
cryptographic libraries used by OOo. If the results of the full audit
differ then we can just update the details and send an updated
notification.

Robert

[1] http://www.apache.org/dev/crypto.html#sources
[2] http://www.apache.org/licenses/exports/

Re: An invitation to committers to the OOo Community Forums

Crazy idea.  But is it possible at all to cause all posts to private
forums to be echoed to the ooo-private list?

That would address several of my concerns:

1) Guaranteed archiving of these posts in a form that Apache Members
can inspect, if there is ever a future dispute

2) Allows PPMC and Mentor oversight of the traffic, to ensure that it
is not being abused.

3) Makes the full range of contributions of moderators more obvious to
the PPMC, which helps make a better case for them being offered
committer status.

-Rob


On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote:
 On 01/09/11 20:14, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk
 wrote:

 OK, Rob, I now understand your point.  I will do as you request.
  However,
 it seems to me that by making this request you are creating an
 interesting
 catch-22:  I far as I can see there are two facets to this invitation.

  * *Sufficiency*.  These forums are closed because this gives the
    attendees freedom to discuss matters (such as individual poster
    behaviour) that shouldn't be discussed on a public forum.  We only
    invite trusted forum members to join these lists.  (That's is
    that they've demonstrated that they are responsible and have built
    up a body of karma with their forum contributions.)  I would
    have thought that being elected a committer could reasonably be
    deemed to be sufficient to show such trust.

  * *Necessity*.  You seem to want to discuss policy on the governance
    of the forums from within this DL or ooo-private.  I also recall
    some of your previous comments which indicate that these people
    (who have committed hundreds if not thousands of hours to
    supporting this service) do not merit committer status unless they
    have a wider engagement in the project, and they are therefore
    excluded from any ooo-private discussions.  Yet, it seems to me
    that it is entirely reasonable that anyone contributing to this
    discussion should at least have a working knowledge of how the
    forums operate in practice and currently govern themselves.  So I
    do think it necessary as well.


 This is incorrect. We're obviously discussing the policy on the
 public list. We have not discussed this on ooo-private. Discussion
 of policy regarding the treatment of confidential information is
 itself not confidential. In fact, such discussions should probably
 always be public.

 You are also incorrect in your assumption that volunteers need to
 contribute in several areas in order to be committers. Someone who
 makes substantial contributions as a support forum moderator could
 make a great committer candidate. Ditto for a documentation writer, a
 tester, a translator, etc. Committers are not just coders. It is
 about commitment to the project.

 You are suggesting two problems:

 1) We have forum moderators who understand how the forums work, but
 have not made visible contributions to the project yet, so they are
 not currently being nominated as committers.

 2) We have committers who are not familiar with how the forum operates.

 And I'm raising the 3rd issue:

 3) How the forum operates should not be something that occurs in private.

 There is a clear solution here:

 1) Have those who understand how the forum operates today write this
 up in detail as a contribution to the project's website

 2) This would help other committers understand how this works and
 avoids the newbie problem you are concerned with, though we are
 probably not half as dumb as you seem to be assuming. I, for example,
 have run a phpBB board before.

 The issue isn't about phpBB, its more about we operate *these* forums.

 3) This also gives the PPMC and Mentors an opportunity to review the
 forum procedures and ensure they conform Apache expectations, etc.
 This is something we should be doing anyways.

 4) This effort, both in writing up the procedures, and educating the
 existing committers, and through this mutual discussion, would
 probably be a sufficient sign of commitment to get the moderators who
 are do this work to be nominated as project committers.

 So a win-win situation, all around.

 Rob, I think that on your last comments we are lot closer than on your first
 reply.  However, we can either choose to make this change:

 A) a disruptive one: that is we lay down some (from the perspective of the
 volunteers who are currently doing this work) arbitrary and seemly
 irrational new rules on a love it or leave it basis.  In my experience many
 or most will leave given this sort of diktat.  It's a good way to kill off a
 service.

 B) an evolutionary one: that is we engage constructively and get to
 understand the range of perspectives then move the service incrementally to
 an end-point that is mutually acceptable.

 In my experience many or most supporters will leave when faced with the (A)
 sort of diktat. (B) works a LOT better, especially when the people

Re: An invitation to committers to the OOo Community Forums

On Thu, 2011-09-01 at 16:26 -0400, Rob Weir wrote:
 On Thu, Sep 1, 2011 at 4:00 PM, drew d...@baseanswers.com wrote:
  On Thu, 2011-09-01 at 19:56 +0100, Terry Ellison wrote:

snip

 
 5) If, hypothetically, you did not have the ability to do peer
 reviews and discussion on specific posts by named users, what would
 happen then?  Is there any particular reason why you could not have a
 public discussion about a post that you are considering deleting?
 Maybe in a forum that only moderators can post to, of course.  But is
 there any reason you could not be transparent about how moderation
 works?  This might actually help enforce what your usage expectations
 are.
 

I just described the process - in practice it happens quite infrequently
- the overwhelming deletes are just simple and not so simple attempts to
use the forums as a link farm.  There are people that actually run adds
for contractors to do this type of thing - and it usually takes a few
posts to catch on to what they are up to.

Simply being discourteous or rude isn't going to get you here. People
show up all the time pissed and frustrated and often blow off steam,
sometimes quite vigorously and that's fine - but if it turns into f this
and f that, and you sob this or bastards that...then quite frankly no
that will not be tolerated.

Nearly all of what a person does there is just as you described, getting
people to refine a question so it makes sense, or getting it to the
right place, or recognizing a bug report and getting it into the issue
tracker. 

As for trusting people, we do that in spades, it's not about trust it is
about working collaboratively. I noticed for instance that just today on
the Apache Infra mailing list, Terry had implemented something, another
person on the list rolled it back and then told Terry why - they then
discussed it - I don't think that was a matter of lack of trust, it was
a matter of them learning to work together.

//drew

Re: An invitation to committers to the OOo Community Forums

On Thu, 2011-09-01 at 16:40 -0400, Rob Weir wrote:

 We have such a method, if it were needed.  It is called ooo-private.
 If we think that 30 private forums are needed in order to discuss bad
 behavior in support posts (3 forums per each of 10 languages) 

Come on Rob, people like to work in there own language what is so hard
to understand about that?

Re: [code] build on Linux 64 bits (Fedora 15)

2011-09-01 Thread eric b


Hi,

Le 1 sept. 11 à 23:25, Ariel Constenla-Haile a écrit :



(I just wanted to try with the same options I was building DEV300)
I get the following errors:

* enabling the OpenGL transitions:

Compiling: slideshow/source/engine/OGLTrans/ 
OGLTrans_TransitionerImpl.cxx
slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: In  
member function 'bool {anonymous}::OGLTransitionerImpl::createWindow 
(Window*)':
slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 
490:28: error: 'FALSE' was not declared in this scope
slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 
496:28: error: 'FALSE' was not declared in this scope
slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 
520:68: error: 'FALSE' was not declared in this scope
slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 
546:34: error: 'TRUE' was not declared in this scope
slideshow/source/engine/OGLTrans/OGLTrans_TransitionerImpl.cxx: 
548:36: error: 'FALSE' was not declared in this scope
dmake:  Error code 1, while making '../../../unxlngx6.pro/slo/ 
OGLTrans_TransitionerImpl.obj'


seems the code missed the removal of the old tool's types.



Once we'll have a stabilized tree, means something buildable without  
a headhache (l10n e.g.), I'll have a look at the OpenGL thing too.



Regards,
Eric
--
qɔᴉɹə
Education Project:
http://wiki.services.openoffice.org/wiki/Education_Project
Projet OOo4Kids : http://wiki.ooo4kids.org/index.php/Main_Page
L'association EducOOo : http://www.educoo.org
Blog : http://eric.bachard.org/news

Re: Apache project community and external community

2011-09-01 Thread Ross Gardler

On 1 September 2011 17:27, Ian Lynch ianrly...@gmail.com wrote:
 My view is how do we make
 FOSS more effective?  Partly as a Committer here within the rules associated
 with that, partly through my business with the rules and constraints that
 has and partly with LibreO, why worry? If you can do what you want within
 the rules just do it. If you can't, do those things somewhere else where its
 ok.

Exactly!

The whole point of the ASF way of doing things is that the foundation
stays very tightly focussed on what it does well. It cultivates
communities of people who congregate around needs that can be
satisfied by software. That means the foundation provides
infrastructure to support the communities that build the software. The
foundation tries to stay out of everything else, others do those
things better. For example, the Conference Committee doesn't organise
conferences, it supports people willing to create the local teams who
put on great conferences. The Community Development PMC doesn't fund
internships, it manages the relationship between providers of
internships and the ASF and so on.

The foundations projects do, however, recognise people who seek to
build bridges. Those people are critical to healthy communities and
should be recognised as such. I can think of a few foundation members
who do not write code, they have become foundation members because
they build bridges.

Ross

Re: Administrative controls / management of the mailing lists


Dennis,

The short answer is IMHO: that's correct -- No.  As to the long one: ...

Oracle stopped its major funding of OOo as a mainstream product for 
sound commercial reasons -- though this has resulted in personal 
consequences for a lot of people who worked on OOo and who no longer 
have a job.  Now we've now got some services running unmanned, because 
the people have gone.


We were lucky as far as the OOo wiki was concerned in that I was already 
providing expert support to the Oracle guy who ran the system, and I was 
able to step in with his active cooperation before he left the building.


I believe that Oracle that wants to ensure a bumpless transfer to the 
Apache project wherever possible, and it will find the necessary 
mechanisms to grant project members who have the right technical skills 
and track record to take over these systems.  Our main problem is that 
this list currently seems to contains one name -- mine, though there are 
others who could potentially step into this gap: for example Raphael, 
Kay and Drew.  However we are all already working to our limits.  Maybe 
we just need a cloning machine :(


Quite honestly -- and I can only speak personally -- at the moment I 
feel that I am caught between a rock and a hard place.  My work is time 
consuming and the skills are different to the mainstream C++ trained OOo 
developer, but they are also different to a pure sysAdmin.  In some ways 
you need to be an expert in *both* these worlds and to be able to 
integrate this expertise.  I am not talking about enthusiastic newbie 
volunteers; I am talking about hacks who have done this so many times 
that it's routine.  Again this only my personal experience, but I feel 
that Apache is unwelcoming to newcomers and this seems to be an endemic 
culture, albeit strongly advocated by a few individuals.  It is 
intolerant and often outrightly hostile to domains of expertise outside 
its comfort area -- even though these may be more relevant to the work 
and Apache's wider mission.  In short I am being asked to work long 
hours on technically demanding tasks in a dysfunctional environment.  If 
I was being paid to do what I am doing now, then I would be seriously 
thinking about changing jobs -- and this is from a guy who spent 32 
years working with the same company working to get to its top technical 
tier -- and also one who is now doing this work pro-bono.


So we do have the means in terms of Oracle enabling, but we, the 
project, don't have the resources / expertise to step up to this. If I 
am still here in 3 months and this is still an outstanding issue, then 
I'll try to sort it out.


Regards Terry

On 01/09/11 20:59, Dennis E. Hamilton wrote:

Um, so your answer is no?

You do not have any means to deal with that mailing list issue on the live 
openoffice.org site?

Any suggestions?

  - Dennis

-Original Message-
From: Terry Ellison [mailto:te...@ellisons.org.uk]
Sent: Thursday, September 01, 2011 12:04
To:dennis.hamil...@acm.org
Cc:ooo-dev@incubator.apache.org
Subject: Administrative controls / management of the mailing lists

Dennis,

As we've discussed previously there is almost a religious split
between those that work on forums and those that work on MLs and DLs.
Very few of those involved in the governance of the forums would have
anything to do with DLs/MLs and v.v.

However, what you are really talking about is a configuration issue of
the mail forwarder.  It's more an application issue if we get control of
the application support.  I have exactly the same issues with my mail
responder that is built into the forums.


Terry, do you know if those administrative controls extend to the
management of the mailing lists, such as the ones for
http://fr.openoffice.org  (apparently at
http://openoffice.org/projects/fr/lists).

Do you have any information on how we can empower someone to block a
bad echo?

Every post to the more-heavily-populated lists there generates three
notices fromservice-clie...@sc.sfr.fr. Then we need to find the
subscribers whose e-mail addresses are landing at the responding site
and disable those.

I also fear that there is nothing in our planned work to preserve
these portions of the openoffice.org domain.

- Dennis

-Original Message-
From: Terry Ellison [mailto:te...@ellisons.org.uk]
Sent: Thursday, September 01, 2011 09:47
To:ooo-dev@incubator.apache.org
Subject: An invitation to committers to the OOo Community Forums

Anyone is able to join the OOo Community forums, but we also have a
number of closed forums use for internal management of the site. If any
committers would like to have access to these, then just make sure that
they've got an active account on the current production service (not
ooo-forums.apache.org) and email me me from it requesting access. I
will then raise you to volunteer so that you can see the main closed
forums.

Please note: the forum rules apply to all and all volunteers are
expected to follow them -- including

RE: Administrative controls / management of the mailing lists

2011-09-01 Thread Gavin McDonald

 -Original Message-
 From: Terry Ellison [mailto:te...@ellisons.org.uk]
 Sent: Friday, 2 September 2011 8:02 AM
 To: dennis.hamil...@acm.org
 Cc: ooo-dev@incubator.apache.org
 Subject: Re: Administrative controls / management of the mailing lists

 Dennis,

 The short answer is IMHO: that's correct -- No.  As to the long one: ...

 Oracle stopped its major funding of OOo as a mainstream product for sound
 commercial reasons -- though this has resulted in personal consequences for
 a lot of people who worked on OOo and who no longer have a job.  Now
 we've now got some services running unmanned, because the people have
 gone.

 We were lucky as far as the OOo wiki was concerned in that I was already
 providing expert support to the Oracle guy who ran the system, and I was
 able to step in with his active cooperation before he left the building.

 I believe that Oracle that wants to ensure a bumpless transfer to the
 Apache project wherever possible, and it will find the necessary mechanisms
 to grant project members who have the right technical skills and track record
 to take over these systems.  Our main problem is that this list currently
 seems to contains one name -- mine, though there are others who could
 potentially step into this gap: for example Raphael, Kay and Drew.  However
 we are all already working to our limits.  Maybe we just need a cloning
 machine :(

Once we have documentation in place, any infra person can jump in and help
should the need arise.

 Quite honestly -- and I can only speak personally -- at the moment I feel that
 I am caught between a rock and a hard place.  My work is time consuming
 and the skills are different to the mainstream C++ trained OOo developer,
 but they are also different to a pure sysAdmin.  In some ways you need to be
 an expert in *both* these worlds and to be able to integrate this expertise.  
 I
 am not talking about enthusiastic newbie volunteers; I am talking about
 hacks who have done this so many times that it's routine.  Again this only my
 personal experience, but I feel that Apache is unwelcoming to newcomers
 and this seems to be an endemic culture, albeit strongly advocated by a few
 individuals.  It is intolerant and often outrightly hostile to domains of
 expertise outside its comfort area -- even though these may be more
 relevant to the work and Apache's wider mission.  In short I am being asked
 to work long hours on technically demanding tasks in a dysfunctional
 environment. 

Nobody is asking you to so anything, you are a volunteer, you can do zero hours
if it pleases you, Your hours are governed by what you want to put in, not what
anybody tells you to do.

Please explain what you mean by dysfunctional?

FWIW I've been bending over backwards trying to help you with infra stuff, but 
you
are a stubborn old git who will not listen to how we do things around here. We 
have
accommodated just about every need, every weird way you do things, now it is 
time
for you to listen to us and fit in with us. I've been prepared to help you do 
this but
then you just go and piss me off with outlandish emails like this one.

  If I was being paid to do what I am doing now, then I would be
 seriously thinking about changing jobs -- and this is from a guy who spent 32
 years working with the same company working to get to its top technical tier
 -- and also one who is now doing this work pro-bono.

This is a volunteer organisation, guess what, you are not the only person here 
doing
work for nothing. Please do not yet again spout off your credentials or your 
countless
millions of hours spent on this, we KNOW, we are very grateful but I am getting 
tired
of you always shoving it in our face as an excuse for us to have to bow down 
and do
it the Terry way. We are not stupid, do not treat us as stupid. You are not 
stupid, we know
that. We are not here to piss you off, but you seem to trying very hard to do 
that to me
at least. Now, quit the jibes and learn to do things in a way that will please 
us all.

Gav...

 So we do have the means in terms of Oracle enabling, but we, the project,
 don't have the resources / expertise to step up to this. If I am still here 
 in 3
 months and this is still an outstanding issue, then I'll try to sort it out.

 Regards Terry

 On 01/09/11 20:59, Dennis E. Hamilton wrote:
  Um, so your answer is no?

  You do not have any means to deal with that mailing list issue on the live
 openoffice.org site?

  Any suggestions?

- Dennis

  -Original Message-
  From: Terry Ellison [mailto:te...@ellisons.org.uk]
  Sent: Thursday, September 01, 2011 12:04 To:dennis.hamil...@acm.org
  Cc:ooo-dev@incubator.apache.org
  Subject: Administrative controls / management of the mailing lists

  Dennis,

  As we've discussed previously there is almost a religious split
  between those that work on forums and those that work on MLs and DLs.
  Very few of those involved in the governance of the forums

Re: Administrative controls / management of the mailing lists

You two are some of the smartest admins I know, and I've known a few.
With mastery obviously comes strong opinions and equally strong
working habits.  This is probably the largest migration effort Apache
has ever done.  It is certainly a huge effort from OOo's perspective,
since it is a technical, procedural and social change.  We obviously
really need both of your help in the coming days and weeks.   Can we
find a way to cool off rather than escalate?  Tomorrow is another day.

Thanks,

-Rob

On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au wrote:


 -Original Message-
 From: Terry Ellison [mailto:te...@ellisons.org.uk]
 Sent: Friday, 2 September 2011 8:02 AM
 To: dennis.hamil...@acm.org
 Cc: ooo-dev@incubator.apache.org
 Subject: Re: Administrative controls / management of the mailing lists

 Dennis,

 The short answer is IMHO: that's correct -- No.  As to the long one: ...

 Oracle stopped its major funding of OOo as a mainstream product for sound
 commercial reasons -- though this has resulted in personal consequences for
 a lot of people who worked on OOo and who no longer have a job.  Now
 we've now got some services running unmanned, because the people have
 gone.

 We were lucky as far as the OOo wiki was concerned in that I was already
 providing expert support to the Oracle guy who ran the system, and I was
 able to step in with his active cooperation before he left the building.

 I believe that Oracle that wants to ensure a bumpless transfer to the
 Apache project wherever possible, and it will find the necessary mechanisms
 to grant project members who have the right technical skills and track record
 to take over these systems.  Our main problem is that this list currently
 seems to contains one name -- mine, though there are others who could
 potentially step into this gap: for example Raphael, Kay and Drew.  However
 we are all already working to our limits.  Maybe we just need a cloning
 machine :(

 Once we have documentation in place, any infra person can jump in and help
 should the need arise.


 Quite honestly -- and I can only speak personally -- at the moment I feel 
 that
 I am caught between a rock and a hard place.  My work is time consuming
 and the skills are different to the mainstream C++ trained OOo developer,
 but they are also different to a pure sysAdmin.  In some ways you need to be
 an expert in *both* these worlds and to be able to integrate this expertise. 
  I
 am not talking about enthusiastic newbie volunteers; I am talking about
 hacks who have done this so many times that it's routine.  Again this only my
 personal experience, but I feel that Apache is unwelcoming to newcomers
 and this seems to be an endemic culture, albeit strongly advocated by a few
 individuals.  It is intolerant and often outrightly hostile to domains of
 expertise outside its comfort area -- even though these may be more
 relevant to the work and Apache's wider mission.  In short I am being asked
 to work long hours on technically demanding tasks in a dysfunctional
 environment.

 Nobody is asking you to so anything, you are a volunteer, you can do zero 
 hours
 if it pleases you, Your hours are governed by what you want to put in, not 
 what
 anybody tells you to do.

 Please explain what you mean by dysfunctional?

 FWIW I've been bending over backwards trying to help you with infra stuff, 
 but you
 are a stubborn old git who will not listen to how we do things around here. 
 We have
 accommodated just about every need, every weird way you do things, now it is 
 time
 for you to listen to us and fit in with us. I've been prepared to help you do 
 this but
 then you just go and piss me off with outlandish emails like this one.

   If I was being paid to do what I am doing now, then I would be
 seriously thinking about changing jobs -- and this is from a guy who spent 32
 years working with the same company working to get to its top technical tier
 -- and also one who is now doing this work pro-bono.

 This is a volunteer organisation, guess what, you are not the only person 
 here doing
 work for nothing. Please do not yet again spout off your credentials or your 
 countless
 millions of hours spent on this, we KNOW, we are very grateful but I am 
 getting tired
 of you always shoving it in our face as an excuse for us to have to bow down 
 and do
 it the Terry way. We are not stupid, do not treat us as stupid. You are not 
 stupid, we know
 that. We are not here to piss you off, but you seem to trying very hard to do 
 that to me
 at least. Now, quit the jibes and learn to do things in a way that will 
 please us all.

 Gav...


 So we do have the means in terms of Oracle enabling, but we, the project,
 don't have the resources / expertise to step up to this. If I am still here 
 in 3
 months and this is still an outstanding issue, then I'll try to sort it out.

 Regards Terry

 On 01/09/11 20:59, Dennis E. Hamilton wrote:
  Um, so your answer is no?
 
  You

Re: Administrative controls / management of the mailing lists

2011-09-01 Thread Tony Stevenson


On 1 Sep 2011, at 23:02, Terry Ellison wrote:

 Dennis,
 
 The short answer is IMHO: that's correct -- No.  As to the long one: ...
 
 Oracle stopped its major funding of OOo as a mainstream product for sound 
 commercial reasons -- though this has resulted in personal consequences for a 
 lot of people who worked on OOo and who no longer have a job.  Now we've now 
 got some services running unmanned, because the people have gone.
 
 We were lucky as far as the OOo wiki was concerned in that I was already 
 providing expert support to the Oracle guy who ran the system, and I was able 
 to step in with his active cooperation before he left the building.
 
 I believe that Oracle that wants to ensure a bumpless transfer to the 
 Apache project wherever possible, and it will find the necessary mechanisms 
 to grant project members who have the right technical skills and track record 
 to take over these systems.  Our main problem is that this list currently 
 seems to contains one name -- mine, though there are others who could 
 potentially step into this gap: for example Raphael, Kay and Drew.  However 
 we are all already working to our limits.  Maybe we just need a cloning 
 machine :(
 

All we would need is some documentation and then infra can help out with this 
as needed. 

 Quite honestly -- and I can only speak personally -- at the moment I feel 
 that I am caught between a rock and a hard place.  My work is time consuming 
 and the skills are different to the mainstream C++ trained OOo developer, but 
 they are also different to a pure sysAdmin.  In some ways you need to be an 
 expert in *both* these worlds and to be able to integrate this expertise.  I 
 am not talking about enthusiastic newbie volunteers; I am talking about hacks 
 who have done this so many times that it's routine.  Again this only my 
 personal experience, but I feel that Apache is unwelcoming to newcomers and 
 this seems to be an endemic culture, albeit strongly advocated by a few 
 individuals.

I wouldn't disagree with you, but I certainly wouldn't outright agree with you.

  It is intolerant and often outrightly hostile to domains of expertise 
 outside its comfort area -- even though these may be more relevant to the 
 work and Apache's wider mission.  In short I am being asked to work long 
 hours on technically demanding tasks in a dysfunctional environment.  If I 
 was being paid to do what I am doing now, then I would be seriously thinking 
 about changing jobs -- and this is from a guy who spent 32 years working with 
 the same company working to get to its top technical tier -- and also one who 
 is now doing this work pro-bono.

Oh my god.  I am starting to get bored with your relentless tirades about how 
you are working so hard, and long hours.  Join the frickin' club, you are by no 
means the only one who does this, and you certainly won't be the last.  This is 
after all a volunteer organisation.  

In other words get off your high horse.  Calm down, and please try to adjust to 
our way of working.  Thus far we have essentially done what ever you have asked 
of us, regardless of how daft they sounded to us. Please don't keep rolling out 
how you have spent your working life, getting to the top of the pile.  It's 
hardly a glowing reference, I mean EDS is hardly well known for it's quality of 
service.  But this is my personal opinion.  

You know what, all you have managed to achieve in the past few weeks is get my 
back up with your petulant comments and side swipes at the infra team in 
general.  Several of us how gone out of our way to provide you with answers to 
questions you had.  I even explained something to you at great pain in IRC, 
only for you to ignore me.  You basically lost me there. 

Why does everything seem to have to be   molehill - mountain with you?  If you 
can't take criticism or feedback, the infra group will feel like an 
over-bearing place to be, but we actually have the best of intentions.  

So, when you are ready to listen to what advice and feedback we have given you, 
and you stop throwing your tantrums - I for one would be willing to welcome you 
back so we can all move on and see some results.


 So we do have the means in terms of Oracle enabling, but we, the project, 
 don't have the resources / expertise to step up to this. If I am still here 
 in 3 months and this is still an outstanding issue, then I'll try to sort it 
 out.
 
 Regards Terry
 
 On 01/09/11 20:59, Dennis E. Hamilton wrote:
 Um, so your answer is no?
 
 You do not have any means to deal with that mailing list issue on the live 
 openoffice.org site?
 
 Any suggestions?
 
  - Dennis
 
 -Original Message-
 From: Terry Ellison [mailto:te...@ellisons.org.uk]
 Sent: Thursday, September 01, 2011 12:04
 To:dennis.hamil...@acm.org
 Cc:ooo-dev@incubator.apache.org
 Subject: Administrative controls / management of the mailing lists
 
 Dennis,
 
 As we've discussed previously there is almost a religious

Re: Fwd: openoffice.org not responding

2011-09-01 Thread Kay Schenk

HI--there still seems to be some issues...was OK early this am but 
now...VERY slow again. No idea what's going on.


On 09/01/2011 09:30 AM, Andrew Rist wrote:



On 8/31/2011 10:43 PM, Jürgen Schmidt wrote:

On Wed, Aug 31, 2011 at 9:02 PM, Kay Schenkkay.sch...@gmail.com wrote:


Hi Andrew--


On 08/31/2011 10:17 AM, Andrew Rist wrote:


This is not related to the DNS transfer. That process has not yet
begun,
and appropriate warning will be given when it is.


That transfer should painless when it occurs, as it will only involve

changing the owner of the DNS entries, not the content of them.

(looks like OOo kenai are back. I have not determined what the issue
was, but it was not related to transfer of OOo or any
decommissioning of
the servers)


well good news, but panic nonetheless. Maybe a wake-up call to get stuff
moved (somewhere) as quickly as possible. Definitely a priority with
me at
the moment! :/



i still can't reach www.openoffice.org, api.openoffice.org or
hg.services.openoffice.org, ...

Juergen

All three are up for me. I am guessing that the refresh on the DNS may
have contributed to the problem.
Andrew





Andrew

On 8/31/2011 5:05 AM, Dave Fisher wrote:


Hi Andrew,

It looks like openoffice.org is still down, odftoolkit.org is also
down.

It looks like all of Kenai is down.

Is the dns transfer in flux, or wrong? Is there a wrong action on
INFRA-3898?

Please advise.

Thanks,
Dave

Begin forwarded message:

From: Simon Brouwersimon.o...@xs4all.nl

Date: August 30, 2011 11:06:46 AM PDT
To:ooo-dev@incubator.apache.**orgto%3aooo-...@incubator.apache.org
Cc: Kay Schenkkay.sch...@gmail.com
Subject: Re: openoffice.org not responding
Reply-To:ooo-dev@incubator.**apache.orgreply-to%3aooo-...@incubator.apache.org

Reply-To:simon.o...@xs4all.nl

Hi Kay,

nl.openoffice.org is up, but server response is really slow. I wanted
to manage mailinglists since yesterday but had to give up getting
timeout
after timeout.

Best regards
Simon

Op 30-8-2011 20:01, Kay Schenk schreef:


Re Eike's post of about an hour ago.

Does anyone know what's going on with openoffice.org
orwww.openoffice.org.


kenai.org is up but not openoffice.org.



--
Vriendelijke groet,
Simon Brouwer.

|http://nl.openoffice.org |http://www.opentaal.org |



--


Oracle Email Signature Logo
Andrew Rist | Interoperability Architect
Oracle Corporate Architecture Group
Redwood Shores, CA | 650.506.9847


--
--**--**

MzK

Music expresses that which cannot be said and
on which it is impossible to be silent.
-- Victor Hugo





--

MzK

Music expresses that which cannot be said and
 on which it is impossible to be silent.
-- Victor Hugo

Re: Administrative controls / management of the mailing lists

2011-09-01 Thread Daniel Shahaf

The problem isn't Gavin needs to cool off.  The problem is Terry and Infra 
need to find a way to work together without constantly stepping on each other's 
toes.

On Thu, 01 Sep 2011 18:33 -0400, Rob Weir robw...@apache.org wrote:
 You two are some of the smartest admins I know, and I've known a few.
 With mastery obviously comes strong opinions and equally strong
 working habits.  This is probably the largest migration effort Apache
 has ever done.  It is certainly a huge effort from OOo's perspective,
 since it is a technical, procedural and social change.  We obviously
 really need both of your help in the coming days and weeks.   Can we
 find a way to cool off rather than escalate?  Tomorrow is another day.
 
 Thanks,
 
 -Rob
 
 On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au wrote:
 
 
  -Original Message-
  From: Terry Ellison [mailto:te...@ellisons.org.uk]
  Sent: Friday, 2 September 2011 8:02 AM
  To: dennis.hamil...@acm.org
  Cc: ooo-dev@incubator.apache.org
  Subject: Re: Administrative controls / management of the mailing lists
 
  Dennis,
 
  The short answer is IMHO: that's correct -- No.  As to the long one: ...
 
  Oracle stopped its major funding of OOo as a mainstream product for sound
  commercial reasons -- though this has resulted in personal consequences for
  a lot of people who worked on OOo and who no longer have a job.  Now
  we've now got some services running unmanned, because the people have
  gone.
 
  We were lucky as far as the OOo wiki was concerned in that I was already
  providing expert support to the Oracle guy who ran the system, and I was
  able to step in with his active cooperation before he left the building.
 
  I believe that Oracle that wants to ensure a bumpless transfer to the
  Apache project wherever possible, and it will find the necessary mechanisms
  to grant project members who have the right technical skills and track 
  record
  to take over these systems.  Our main problem is that this list currently
  seems to contains one name -- mine, though there are others who could
  potentially step into this gap: for example Raphael, Kay and Drew.  However
  we are all already working to our limits.  Maybe we just need a cloning
  machine :(
 
  Once we have documentation in place, any infra person can jump in and help
  should the need arise.
 
 
  Quite honestly -- and I can only speak personally -- at the moment I feel 
  that
  I am caught between a rock and a hard place.  My work is time consuming
  and the skills are different to the mainstream C++ trained OOo developer,
  but they are also different to a pure sysAdmin.  In some ways you need to 
  be
  an expert in *both* these worlds and to be able to integrate this 
  expertise.  I
  am not talking about enthusiastic newbie volunteers; I am talking about
  hacks who have done this so many times that it's routine.  Again this only 
  my
  personal experience, but I feel that Apache is unwelcoming to newcomers
  and this seems to be an endemic culture, albeit strongly advocated by a few
  individuals.  It is intolerant and often outrightly hostile to domains of
  expertise outside its comfort area -- even though these may be more
  relevant to the work and Apache's wider mission.  In short I am being asked
  to work long hours on technically demanding tasks in a dysfunctional
  environment.
 
  Nobody is asking you to so anything, you are a volunteer, you can do zero 
  hours
  if it pleases you, Your hours are governed by what you want to put in, not 
  what
  anybody tells you to do.
 
  Please explain what you mean by dysfunctional?
 
  FWIW I've been bending over backwards trying to help you with infra stuff, 
  but you
  are a stubborn old git who will not listen to how we do things around here. 
  We have
  accommodated just about every need, every weird way you do things, now it 
  is time
  for you to listen to us and fit in with us. I've been prepared to help you 
  do this but
  then you just go and piss me off with outlandish emails like this one.
 
    If I was being paid to do what I am doing now, then I would be
  seriously thinking about changing jobs -- and this is from a guy who spent 
  32
  years working with the same company working to get to its top technical 
  tier
  -- and also one who is now doing this work pro-bono.
 
  This is a volunteer organisation, guess what, you are not the only person 
  here doing
  work for nothing. Please do not yet again spout off your credentials or 
  your countless
  millions of hours spent on this, we KNOW, we are very grateful but I am 
  getting tired
  of you always shoving it in our face as an excuse for us to have to bow 
  down and do
  it the Terry way. We are not stupid, do not treat us as stupid. You are not 
  stupid, we know
  that. We are not here to piss you off, but you seem to trying very hard to 
  do that to me
  at least. Now, quit the jibes and learn to do things in a way that will 
  please us

Re: draft blog post on the Linux build education event

2011-09-01 Thread Kay Schenk




On 09/01/2011 01:53 PM, Rob Weir wrote:

On Thu, Sep 1, 2011 at 3:40 PM, Manfred A. Reiterma.rei...@gmail.com  wrote:

thanks for the link. it works fine.
blog looks nice and we will what happens next wednesday ;-)



It will be interesting.  I just did a fresh install of Ubuntu 11.04,
totally default, virgin, no extra apt-get's.   I'll do the install on
that, to make sure we have a good list of what would need to be done
to a clean install.


LOVELY! :)




M.

2011/9/1 Rob Weirrobw...@apache.org:

On Thu, Sep 1, 2011 at 1:50 PM, Joe Schaeferjoe_schae...@yahoo.com  wrote:



http://www.apache.org/dev/blogs.html describes the
(public) preview url for blog articles.




Thanks for the hint, Joe.

If I understood it correctly, this version should be viewable.  It
works for me, but you never know when persistent cookies are playing
tricks with you.

http://blogs.apache.org/preview/OOo/?previewEntry=apache_openoffice_org_developer_education

-Rob




--

MzK

Music expresses that which cannot be said and
 on which it is impossible to be silent.
-- Victor Hugo

Re: Administrative controls / management of the mailing lists

On Thu, Sep 1, 2011 at 6:45 PM, Daniel Shahaf d...@daniel.shahaf.name wrote:
 The problem isn't Gavin needs to cool off.  The problem is Terry and Infra 
 need to find a way to work together without constantly stepping on each 
 other's toes.


Fnding this way to work together will be easier if we all step back
and cool off.  Escalating insults has a way of reaching a point of no
return.  We should try to avoid that.  I'm not pointing fingers at
anyone.

-Rob

 On Thu, 01 Sep 2011 18:33 -0400, Rob Weir robw...@apache.org wrote:
 You two are some of the smartest admins I know, and I've known a few.
 With mastery obviously comes strong opinions and equally strong
 working habits.  This is probably the largest migration effort Apache
 has ever done.  It is certainly a huge effort from OOo's perspective,
 since it is a technical, procedural and social change.  We obviously
 really need both of your help in the coming days and weeks.   Can we
 find a way to cool off rather than escalate?  Tomorrow is another day.

 Thanks,

 -Rob

 On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au 
 wrote:
 
 
  -Original Message-
  From: Terry Ellison [mailto:te...@ellisons.org.uk]
  Sent: Friday, 2 September 2011 8:02 AM
  To: dennis.hamil...@acm.org
  Cc: ooo-dev@incubator.apache.org
  Subject: Re: Administrative controls / management of the mailing lists
 
  Dennis,
 
  The short answer is IMHO: that's correct -- No.  As to the long one: ...
 
  Oracle stopped its major funding of OOo as a mainstream product for sound
  commercial reasons -- though this has resulted in personal consequences 
  for
  a lot of people who worked on OOo and who no longer have a job.  Now
  we've now got some services running unmanned, because the people have
  gone.
 
  We were lucky as far as the OOo wiki was concerned in that I was already
  providing expert support to the Oracle guy who ran the system, and I was
  able to step in with his active cooperation before he left the building.
 
  I believe that Oracle that wants to ensure a bumpless transfer to the
  Apache project wherever possible, and it will find the necessary 
  mechanisms
  to grant project members who have the right technical skills and track 
  record
  to take over these systems.  Our main problem is that this list currently
  seems to contains one name -- mine, though there are others who could
  potentially step into this gap: for example Raphael, Kay and Drew.  
  However
  we are all already working to our limits.  Maybe we just need a cloning
  machine :(
 
  Once we have documentation in place, any infra person can jump in and help
  should the need arise.
 
 
  Quite honestly -- and I can only speak personally -- at the moment I feel 
  that
  I am caught between a rock and a hard place.  My work is time consuming
  and the skills are different to the mainstream C++ trained OOo developer,
  but they are also different to a pure sysAdmin.  In some ways you need to 
  be
  an expert in *both* these worlds and to be able to integrate this 
  expertise.  I
  am not talking about enthusiastic newbie volunteers; I am talking about
  hacks who have done this so many times that it's routine.  Again this 
  only my
  personal experience, but I feel that Apache is unwelcoming to newcomers
  and this seems to be an endemic culture, albeit strongly advocated by a 
  few
  individuals.  It is intolerant and often outrightly hostile to domains of
  expertise outside its comfort area -- even though these may be more
  relevant to the work and Apache's wider mission.  In short I am being 
  asked
  to work long hours on technically demanding tasks in a dysfunctional
  environment.
 
  Nobody is asking you to so anything, you are a volunteer, you can do zero 
  hours
  if it pleases you, Your hours are governed by what you want to put in, not 
  what
  anybody tells you to do.
 
  Please explain what you mean by dysfunctional?
 
  FWIW I've been bending over backwards trying to help you with infra stuff, 
  but you
  are a stubborn old git who will not listen to how we do things around 
  here. We have
  accommodated just about every need, every weird way you do things, now it 
  is time
  for you to listen to us and fit in with us. I've been prepared to help you 
  do this but
  then you just go and piss me off with outlandish emails like this one.
 
    If I was being paid to do what I am doing now, then I would be
  seriously thinking about changing jobs -- and this is from a guy who 
  spent 32
  years working with the same company working to get to its top technical 
  tier
  -- and also one who is now doing this work pro-bono.
 
  This is a volunteer organisation, guess what, you are not the only person 
  here doing
  work for nothing. Please do not yet again spout off your credentials or 
  your countless
  millions of hours spent on this, we KNOW, we are very grateful but I am 
  getting tired
  of you always shoving it in our face as an excuse

Re: Administrative controls / management of the mailing lists

2011-09-01 Thread Daniel Shahaf

Some concrete possible ways forward:

* Terry and Infra work together, migration continues, Terry sets up the service 
and documents it alongside all the other Infra services.

* Infra assumes responsibility for the services and the migration.

* Infra sets up a VM and tells the PPMC to assume responsibility for the rest.  
Infra has oversight and access to all VMs, though.

* The PPMC finds a solution that doesn't involve Infra.  (eg, Board budget to 
pay for external hosting)

On Fri, 02 Sep 2011 01:45 +0300, Daniel Shahaf d...@daniel.shahaf.name 
wrote:
 The problem isn't Gavin needs to cool off.  The problem is Terry and Infra 
 need to find a way to work together without constantly stepping on each 
 other's toes.
 
 On Thu, 01 Sep 2011 18:33 -0400, Rob Weir robw...@apache.org wrote:
  You two are some of the smartest admins I know, and I've known a few.
  With mastery obviously comes strong opinions and equally strong
  working habits.  This is probably the largest migration effort Apache
  has ever done.  It is certainly a huge effort from OOo's perspective,
  since it is a technical, procedural and social change.  We obviously
  really need both of your help in the coming days and weeks.   Can we
  find a way to cool off rather than escalate?  Tomorrow is another day.
  
  Thanks,
  
  -Rob
  
  On Thu, Sep 1, 2011 at 6:22 PM, Gavin McDonald ga...@16degrees.com.au 
  wrote:
  
  
   -Original Message-
   From: Terry Ellison [mailto:te...@ellisons.org.uk]
   Sent: Friday, 2 September 2011 8:02 AM
   To: dennis.hamil...@acm.org
   Cc: ooo-dev@incubator.apache.org
   Subject: Re: Administrative controls / management of the mailing lists
  
   Dennis,
  
   The short answer is IMHO: that's correct -- No.  As to the long one: ...
  
   Oracle stopped its major funding of OOo as a mainstream product for sound
   commercial reasons -- though this has resulted in personal consequences 
   for
   a lot of people who worked on OOo and who no longer have a job.  Now
   we've now got some services running unmanned, because the people have
   gone.
  
   We were lucky as far as the OOo wiki was concerned in that I was already
   providing expert support to the Oracle guy who ran the system, and I was
   able to step in with his active cooperation before he left the 
   building.
  
   I believe that Oracle that wants to ensure a bumpless transfer to the
   Apache project wherever possible, and it will find the necessary 
   mechanisms
   to grant project members who have the right technical skills and track 
   record
   to take over these systems.  Our main problem is that this list currently
   seems to contains one name -- mine, though there are others who could
   potentially step into this gap: for example Raphael, Kay and Drew.  
   However
   we are all already working to our limits.  Maybe we just need a cloning
   machine :(
  
   Once we have documentation in place, any infra person can jump in and help
   should the need arise.
  
  
   Quite honestly -- and I can only speak personally -- at the moment I 
   feel that
   I am caught between a rock and a hard place.  My work is time consuming
   and the skills are different to the mainstream C++ trained OOo developer,
   but they are also different to a pure sysAdmin.  In some ways you need 
   to be
   an expert in *both* these worlds and to be able to integrate this 
   expertise.  I
   am not talking about enthusiastic newbie volunteers; I am talking about
   hacks who have done this so many times that it's routine.  Again this 
   only my
   personal experience, but I feel that Apache is unwelcoming to newcomers
   and this seems to be an endemic culture, albeit strongly advocated by a 
   few
   individuals.  It is intolerant and often outrightly hostile to domains of
   expertise outside its comfort area -- even though these may be more
   relevant to the work and Apache's wider mission.  In short I am being 
   asked
   to work long hours on technically demanding tasks in a dysfunctional
   environment.
  
   Nobody is asking you to so anything, you are a volunteer, you can do zero 
   hours
   if it pleases you, Your hours are governed by what you want to put in, 
   not what
   anybody tells you to do.
  
   Please explain what you mean by dysfunctional?
  
   FWIW I've been bending over backwards trying to help you with infra 
   stuff, but you
   are a stubborn old git who will not listen to how we do things around 
   here. We have
   accommodated just about every need, every weird way you do things, now it 
   is time
   for you to listen to us and fit in with us. I've been prepared to help 
   you do this but
   then you just go and piss me off with outlandish emails like this one.
  
     If I was being paid to do what I am doing now, then I would be
   seriously thinking about changing jobs -- and this is from a guy who 
   spent 32
   years working with the same company working to get to its top technical 
   tier
   -- and

RE: An invitation to committers to the OOo Community Forums

We have not had the bad-behavior/HR-type problems that would require the PPMC 
to have private discussion.  I do believe that it is one of the PPMC 
responsibilities however.  A dispute between users here, or a complaint to the 
PPMC about user conduct would likely be handled on ooo-private.

From the PMC guide, http://www.apache.org/dev/pmc.html,

All PMCs SHALL restrict their communication on private mailing lists to ONLY 
issues that cannot be discussed in public *such* *as*: [*emphasis* mine]

 * re-disclosure of security problems
 * pre-agreement discussions with third parties that require confidentiality
 * nominees for project, project committee or Foundation membership
 * **personal** *conflicts* among project personnel

 - Dennis


-Original Message-
From: Rob Weir [mailto:robw...@apache.org] 
Sent: Thursday, September 01, 2011 13:40
To: ooo-dev@incubator.apache.org
Subject: Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 4:29 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 This should really be on its own thread as Terry requested.

 In any case, I believe the private forums are for roughly the same reasons 
 that the PPMC list is private.  The administrators address disputes, deal 
 with bad behavior, etc.


But that fact is we don't use ooo-private for that kind of thing.  You
know that.  We've never, ever discussed a bad behavior, dealt with
disputes, etc., on ooo-private.We resolve disputes here, on
ooo-dev, in full public view.  Why would you suggest that we have ever
done otherwise?

 I notice that moderator actions on lists here are not dealt with 
 transparently and why should they be?  We don't even know who the 
 moderators are, in general, especially for lists created before there were 
 any lists on which to learn such things.


We don't do moderation in the sense that the forums do.  We don't hold
back posts that are off-topic, that are showing bad behavior, etc.
That is not what list moderators do.  All we really do is catch posts
that come from non-subscribers and do a quick glance to see if they
are spam.  If not, we let them through.If you read Drew's
description of how the forums are dealing with moderation, it sounds
like they have a much more intense, secret, deliberative process
around moderation.

 I believe this is similar, in that there are moderation privileges and a 
 place for those with such privileges to discuss matters in private.  If not 
 there already, it would be easy to have a public forum in each cluster for 
 issues about the forum itself.  There still needs a private means of 
 communication on what are sensitive matters, in the current live system and 
 any counterpart under Apache auspices.


We have such a method, if it were needed.  It is called ooo-private.
If we think that 30 private forums are needed in order to discuss bad
behavior in support posts (3 forums per each of 10 languages) then I
think we're doing support moderation wrong.

-Rob

  - Dennis

 -Original Message-
 From: Rob Weir [mailto:robw...@apache.org]
 Sent: Thursday, September 01, 2011 12:59
 To: ooo-dev@incubator.apache.org
 Subject: Re: An invitation to committers to the OOo Community Forums

 On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote:
 On 01/09/11 20:14, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk
 wrote:

 OK, Rob, I now understand your point.  I will do as you request.
  However,
 it seems to me that by making this request you are creating an
 interesting
 catch-22:  I far as I can see there are two facets to this invitation.

  * *Sufficiency*.  These forums are closed because this gives the
attendees freedom to discuss matters (such as individual poster
behaviour) that shouldn't be discussed on a public forum.  We only
invite trusted forum members to join these lists.  (That's is
that they've demonstrated that they are responsible and have built
up a body of karma with their forum contributions.)  I would
have thought that being elected a committer could reasonably be
deemed to be sufficient to show such trust.

  * *Necessity*.  You seem to want to discuss policy on the governance
of the forums from within this DL or ooo-private.  I also recall
some of your previous comments which indicate that these people
(who have committed hundreds if not thousands of hours to
supporting this service) do not merit committer status unless they
have a wider engagement in the project, and they are therefore
excluded from any ooo-private discussions.  Yet, it seems to me
that it is entirely reasonable that anyone contributing to this
discussion should at least have a working knowledge of how the
forums operate in practice and currently govern themselves.  So I
do think it necessary as well.


 This is incorrect. We're obviously discussing the policy on the
 public list. We have not discussed

RE: Request dev help: Info for required crypto export declaration

From http://www.apache.org/dev/crypto.html top of page, Overview, second 
paragraph:

PMCs considering including cryptographic functionality within their products 
or specially designing their products to use other software with cryptographic 
functionality should take the following steps *before* placing such code on any 
ASF server, including commits to subversion [*emphasis* mine]

From http://incubator.apache.org/guides/mentor.html#crypto-audit
Before the code base is committed into an Apache repository, the contribution 
MUST be checked and any restricted cryptography reported appropriately.

-Original Message-
From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com] 
Sent: Thursday, September 01, 2011 14:01
To: ooo-dev@incubator.apache.org
Subject: Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 Technically, this was to have been resolved before the code was put up on 
 SVN.  We need to audit specifically for this rather quickly, and including 
 the places that Rob also identified (import-export filters and http TLS).

I definitely recommend a full crypto audit but IIRC it's not necessary
before sending the initial notification.

AIUI (from [1] and [2]) all that's needed is a list of the
cryptographic libraries used by OOo. If the results of the full audit
differ then we can just update the details and send an updated
notification.

Robert

[1] http://www.apache.org/dev/crypto.html#sources
[2] http://www.apache.org/licenses/exports/

Re: Apache OpenOffice.org Developer Education: Building on Linux

2011-09-01 Thread TJ Frazier


On 9/1/2011 18:52, Rob Weir wrote:

The blog post is up:

https://blogs.apache.org/OOo/entry/apache_openoffice_org_developer_education

Please pass along the info wherever you think it would find interest.
I've stuck it on Twitter, Facebook and Google Plus.

Are there any legacy OOo lists where there might be interest?

-Rob



dev@oo.o immediately comes to mind:

d...@openoffice.org

--
/tj/

Re: Apache OpenOffice.org Developer Education: Building on Linux

2011-09-01 Thread Alexandro Colorado

This is what we had in http://education.openoffice.org including the
classrooms.
There is also the getting started guide for development. Please have a look
on the wiki.
http://wiki.services.openoffice.org/wiki/Education_Project/Effort

On Thu, Sep 1, 2011 at 5:52 PM, Rob Weir apa...@robweir.com wrote:

 The blog post is up:


 https://blogs.apache.org/OOo/entry/apache_openoffice_org_developer_education

 Please pass along the info wherever you think it would find interest.
 I've stuck it on Twitter, Facebook and Google Plus.

 Are there any legacy OOo lists where there might be interest?

 -Rob




-- 
*Alexandro Colorado*
*OpenOffice.org* Español
http://es.openoffice.org
fingerprint: E62B CF77 1BEA 0749 C0B8 50B9 3DE6 A84A 68D0 72E6

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 7:01 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 From http://www.apache.org/dev/crypto.html top of page, Overview, second 
 paragraph:

 PMCs considering including cryptographic functionality within their products 
 or specially designing their products to use other software with 
 cryptographic functionality should take the following steps *before* placing 
 such code on any ASF server, including commits to subversion [*emphasis* 
 mine]

 From http://incubator.apache.org/guides/mentor.html#crypto-audit
 Before the code base is committed into an Apache repository, the 
 contribution MUST be checked and any restricted cryptography reported 
 appropriately.


Yup.  We did this in the wrong order.  Nothing we can do about that now.

I hope to get to this soon, but probably not until the weekend at
earliest.  If you (or anyone else) have cycles earlier, feel free to
grab this task.   I don't mean to be sitting on it if someone else can
act sooner.


-Rob


 -Original Message-
 From: Robert Burrell Donkin [mailto:robertburrelldon...@gmail.com]
 Sent: Thursday, September 01, 2011 14:01
 To: ooo-dev@incubator.apache.org
 Subject: Re: Request dev help: Info for required crypto export declaration

 On Thu, Sep 1, 2011 at 9:35 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:
 Technically, this was to have been resolved before the code was put up on 
 SVN.  We need to audit specifically for this rather quickly, and including 
 the places that Rob also identified (import-export filters and http TLS).

 I definitely recommend a full crypto audit but IIRC it's not necessary
 before sending the initial notification.

 AIUI (from [1] and [2]) all that's needed is a list of the
 cryptographic libraries used by OOo. If the results of the full audit
 differ then we can just update the details and send an updated
 notification.

 Robert

 [1] http://www.apache.org/dev/crypto.html#sources
 [2] http://www.apache.org/licenses/exports/

Re: An invitation to committers to the OOo Community Forums

On Thu, Sep 1, 2011 at 7:01 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
 We have not had the bad-behavior/HR-type problems that would require the PPMC 
 to have private discussion.  I do believe that it is one of the PPMC 
 responsibilities however.  A dispute between users here, or a complaint to 
 the PPMC about user conduct would likely be handled on ooo-private.

 From the PMC guide, http://www.apache.org/dev/pmc.html,

 All PMCs SHALL restrict their communication on private mailing lists to ONLY 
 issues that cannot be discussed in public *such* *as*: [*emphasis* mine]

  * re-disclosure of security problems
  * pre-agreement discussions with third parties that require confidentiality
  * nominees for project, project committee or Foundation membership
  * **personal** *conflicts* among project personnel


But that is not what we're talking about on the support forums, right?
 1) users on the forum are not project personnel and 2) the
moderators are discussing posts not personal conflicts and 3) The
persons having the conflicts are not involved in the private
discussions.

Of course, if support moderators themselves get involved in personal
conflicts that need discussion, then by all means bring that to
ooo-private.

I don't think there is a legitimate place in a project for one group
of people to talk about a different person, in a restricted list,
without checks and balances provided by the PPMC/Mentor oversight of
lists like ooo-private.

-Rob


  - Dennis


 -Original Message-
 From: Rob Weir [mailto:robw...@apache.org]
 Sent: Thursday, September 01, 2011 13:40
 To: ooo-dev@incubator.apache.org
 Subject: Re: An invitation to committers to the OOo Community Forums

 On Thu, Sep 1, 2011 at 4:29 PM, Dennis E. Hamilton
 dennis.hamil...@acm.org wrote:
 This should really be on its own thread as Terry requested.

 In any case, I believe the private forums are for roughly the same reasons 
 that the PPMC list is private.  The administrators address disputes, deal 
 with bad behavior, etc.


 But that fact is we don't use ooo-private for that kind of thing.  You
 know that.  We've never, ever discussed a bad behavior, dealt with
 disputes, etc., on ooo-private.    We resolve disputes here, on
 ooo-dev, in full public view.  Why would you suggest that we have ever
 done otherwise?

 I notice that moderator actions on lists here are not dealt with 
 transparently and why should they be?  We don't even know who the 
 moderators are, in general, especially for lists created before there were 
 any lists on which to learn such things.


 We don't do moderation in the sense that the forums do.  We don't hold
 back posts that are off-topic, that are showing bad behavior, etc.
 That is not what list moderators do.  All we really do is catch posts
 that come from non-subscribers and do a quick glance to see if they
 are spam.  If not, we let them through.    If you read Drew's
 description of how the forums are dealing with moderation, it sounds
 like they have a much more intense, secret, deliberative process
 around moderation.

 I believe this is similar, in that there are moderation privileges and a 
 place for those with such privileges to discuss matters in private.  If not 
 there already, it would be easy to have a public forum in each cluster for 
 issues about the forum itself.  There still needs a private means of 
 communication on what are sensitive matters, in the current live system and 
 any counterpart under Apache auspices.


 We have such a method, if it were needed.  It is called ooo-private.
 If we think that 30 private forums are needed in order to discuss bad
 behavior in support posts (3 forums per each of 10 languages) then I
 think we're doing support moderation wrong.

 -Rob

  - Dennis

 -Original Message-
 From: Rob Weir [mailto:robw...@apache.org]
 Sent: Thursday, September 01, 2011 12:59
 To: ooo-dev@incubator.apache.org
 Subject: Re: An invitation to committers to the OOo Community Forums

 On Thu, Sep 1, 2011 at 3:44 PM, Terry Ellison ter...@apache.org wrote:
 On 01/09/11 20:14, Rob Weir wrote:

 On Thu, Sep 1, 2011 at 2:56 PM, Terry Ellison te...@ellisons.org.uk
 wrote:

 OK, Rob, I now understand your point.  I will do as you request.
  However,
 it seems to me that by making this request you are creating an
 interesting
 catch-22:  I far as I can see there are two facets to this invitation.

  * *Sufficiency*.  These forums are closed because this gives the
    attendees freedom to discuss matters (such as individual poster
    behaviour) that shouldn't be discussed on a public forum.  We only
    invite trusted forum members to join these lists.  (That's is
    that they've demonstrated that they are responsible and have built
    up a body of karma with their forum contributions.)  I would
    have thought that being elected a committer could reasonably be
    deemed to be sufficient to show such trust.

  * *Necessity*.  You seem to want to discuss

Re: Request dev help: Info for required crypto export declaration

2011-09-01 Thread Norbert Thiebaud

On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote:

 Looks like LO discussed it briefly [4], but dismissed it under the
 misapprehension that since they are not in the US, the regulation is
 irrelevant.

I'm confused, how is that a 'misapprehension' exactly ?

Are you concerned about compliance with
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109
?

if not, why not ? are you under the misapprehension that since [you]
are not in [France], the regulation is irrelevant. ?

Norbert

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote:

 Looks like LO discussed it briefly [4], but dismissed it under the
 misapprehension that since they are not in the US, the regulation is
 irrelevant.

 I'm confused, how is that a 'misapprehension' exactly ?

 Are you concerned about compliance with
 http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109
 ?

 if not, why not ? are you under the misapprehension that since [you]
 are not in [France], the regulation is irrelevant. ?


You should take a look at the Wassenaar convention.  There is a lot
more similarity than you might think between French and US
requirements.  The diligence you do to satisfy US regulations will
also help you with the regulations in any other countries you, or your
users, need to work with.

http://www.wassenaar.org/

 Norbert

RE: Request dev help: Info for required crypto export declaration

I think Article 32 is of particular interest in the case of OpenOffice.org 
distributions in France.

It would appear that compliance with Article 30 is not difficult, since source 
code is available in all cases.  It would be interesting to find out if the 
Apache process for declaring cryptographic provisions would be acceptable to 
the Prime Minister without further ceremony.  It might be useful for us to 
package notice of where the details are found in future distributions so users 
could be aware that local conditions may apply to their use of such provisions.

However, I think it is likely that, so long as the LibreOffice download sites 
are not in the US there is not an issue for TDF.  If there are LibreOffice 
mirrors in the US, that might be reason for concern by the operators of the 
mirrors.  But we don't get to resolve any of that here.

It is clear that to be an Apache Software Foundation project, the US 
requirements must be satisfied in the manner specified by the ASF.  

 - Dennis 

-Original Message-
From: Norbert Thiebaud [mailto:nthieb...@gmail.com] 
Sent: Thursday, September 01, 2011 18:38
To: ooo-dev@incubator.apache.org
Subject: Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote:

 Looks like LO discussed it briefly [4], but dismissed it under the
 misapprehension that since they are not in the US, the regulation is
 irrelevant.

I'm confused, how is that a 'misapprehension' exactly ?

Are you concerned about compliance with
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109
?

if not, why not ? are you under the misapprehension that since [you]
are not in [France], the regulation is irrelevant. ?

Norbert

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 10:18 PM, Dennis E. Hamilton
dennis.hamil...@acm.org wrote:
I think Article 32 is of particular interest in the case of OpenOffice.org
distributions in France.

It would appear that compliance with Article 30 is not difficult, since
source code is available in all cases. It would be interesting to find out
if the Apache process for declaring cryptographic provisions would be
acceptable to the Prime Minister without further ceremony. It might be
useful for us to package notice of where the details are found in future
distributions so users could be aware that local conditions may apply to
their use of such provisions.

However, I think it is likely that, so long as the LibreOffice download sites
are not in the US there is not an issue for TDF. If there are LibreOffice
mirrors in the US, that might be reason for concern by the operators of the
mirrors. But we don't get to resolve any of that here.

It is clear that to be an Apache Software Foundation project, the US
requirements must be satisfied in the manner specified by the ASF.

But I think that misses the real value of having this paperwork clean
and readily available. It isn't really about OpenOffice or
LibreOffice end users. And it really isn't about Apache or The
Document Foundation. Yes, it is partially about them. But the real
point of doing this and doing it well, is to make it possible for
others (not Apache and not end users or direct downloads) to
distribute/export Apache code. It is to allow Apache modules to be
embedded in other applications and then exported. It is to allow
OpenOffice.org to be pre-installed on a hardware vendor's laptops and
then exported. Pure open source gets off easy in the regulation this
days. The government realizes that the code is out there and they
accept that. But commercial software vendors and hardware vendors
still feel the full weight of these regulations. Having open source
components that have their export control paperwork in order makes
their lives much easier, and helps the underlying open source software
get used more, which in turn may drive more corporate-sponsored
developers into the project, more opportunities for consultants, etc.
It is part of making OSS easy to consume. It is a win-win situation.

-Rob

- Dennis

-Original Message-
From: Norbert Thiebaud [mailto:nthieb...@gmail.com]
Sent: Thursday, September 01, 2011 18:38
To: ooo-dev@incubator.apache.org
Subject: Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote:

Looks like LO discussed it briefly [4], but dismissed it under the
misapprehension that since they are not in the US, the regulation is
irrelevant.

I'm confused, how is that a 'misapprehension' exactly ?

Are you concerned about compliance with
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109
?

if not, why not ? are you under the misapprehension that since [you]
are not in [France], the regulation is irrelevant. ?

Norbert

Re: Apache OpenOffice.org Developer Education: Building on Linux

2011-09-01 Thread Matt Richards

I'm interested in lending a hand where I can, as I've been able to get OOo
to build on Linux (64bit)..

On Thu, Sep 1, 2011 at 6:04 PM, Alexandro Colorado j...@openoffice.orgwrote:

 This is what we had in http://education.openoffice.org including the
 classrooms.
 There is also the getting started guide for development. Please have a look
 on the wiki.
 http://wiki.services.openoffice.org/wiki/Education_Project/Effort

 On Thu, Sep 1, 2011 at 5:52 PM, Rob Weir apa...@robweir.com wrote:

  The blog post is up:
 
 
 
 https://blogs.apache.org/OOo/entry/apache_openoffice_org_developer_education
 
  Please pass along the info wherever you think it would find interest.
  I've stuck it on Twitter, Facebook and Google Plus.
 
  Are there any legacy OOo lists where there might be interest?
 
  -Rob
 



 --
 *Alexandro Colorado*
 *OpenOffice.org* Español
 http://es.openoffice.org
 fingerprint: E62B CF77 1BEA 0749 C0B8 50B9 3DE6 A84A 68D0 72E6




-- 
--Matt

Re: Request dev help: Info for required crypto export declaration

2011-09-01 Thread Norbert Thiebaud

On Thu, Sep 1, 2011 at 8:57 PM, Rob Weir robw...@apache.org wrote:
On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com wrote:
On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote:

Looks like LO discussed it briefly [4], but dismissed it under the
misapprehension that since they are not in the US, the regulation is
irrelevant.

I'm confused, how is that a 'misapprehension' exactly ?

Are you concerned about compliance with
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109
?

if not, why not ? are you under the misapprehension that since [you]
are not in [France], the regulation is irrelevant. ?

You should take a look at the Wassenaar convention. There is a lot
more similarity than you might think between French and US
requirements.

You're missing the point. The point is: it makes a lot of sens of
Apache, being legally established in the US, to comply with the export
regulation of its host country...
but claiming that not paying attention to US regulation for a
non-US-based entity is a 'misapprehension' does not make much sens to
me. 'France' here was just a convenient example to illustrate the
fallacy of the argument. one could find hundreds of jurisdictions with
each their own hoops and quirks... most likely some of them
contradicting each others.

The diligence you do to satisfy US regulations will
also help you with the regulations in any other countries you, or your
users, need to work with.

The French term that best describe this vision of the world is
'nombrilism' (I'm afraid the english translation doesn't quite does it
justice.. too literal, doesn't carry the larger meaning, I think)

Norbert

Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 10:55 PM, Norbert Thiebaud nthieb...@gmail.com wrote:
On Thu, Sep 1, 2011 at 8:57 PM, Rob Weir robw...@apache.org wrote:
On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com wrote:
On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote:

Looks like LO discussed it briefly [4], but dismissed it under the
misapprehension that since they are not in the US, the regulation is
irrelevant.

I'm confused, how is that a 'misapprehension' exactly ?

Are you concerned about compliance with
http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109
?

if not, why not ? are you under the misapprehension that since [you]
are not in [France], the regulation is irrelevant. ?

You should take a look at the Wassenaar convention. There is a lot
more similarity than you might think between French and US
requirements.

You should read my response to Dennis. I think you miss the entire
point of why this paperwork is important. It has almost zero to do
with where your webserver is. That is maybe 5% of the significance of
the paperwork. If that is all you see, then you are missing most of
the big picture. This is about making the software consumable for
repackaging and redistribution by large hardware and software
distributors, who -- like it or not -- tend to be American, not
French. If you are thinking only of end users downloading the
software from your LO webserver in Germany (or wherever it is), then
you are missing the vast majority of the consumer, public sector,
academic and enterprise markets.

The diligence you do to satisfy US regulations will
also help you with the regulations in any other countries you, or your
users, need to work with.

The French term that best describe this vision of the world is
'nombrilism' (I'm afraid the english translation doesn't quite does it
justice.. too literal, doesn't carry the larger meaning, I think)

Norbert

Re: Request dev help: Info for required crypto export declaration

Off-topic.  Please drop this line of inquiry and
return to the Subject of this thread, which is
about determining required info for the crypto export
declaration.





From: Rob Weir robw...@apache.org
To: ooo-dev@incubator.apache.org
Sent: Thursday, September 1, 2011 11:07 PM
Subject: Re: Request dev help: Info for required crypto export declaration

On Thu, Sep 1, 2011 at 10:55 PM, Norbert Thiebaud nthieb...@gmail.com wrote:
 On Thu, Sep 1, 2011 at 8:57 PM, Rob Weir robw...@apache.org wrote:
 On Thu, Sep 1, 2011 at 9:38 PM, Norbert Thiebaud nthieb...@gmail.com 
 wrote:
 On Thu, Sep 1, 2011 at 11:15 AM, Rob Weir r...@robweir.com wrote:

 Looks like LO discussed it briefly [4], but dismissed it under the
 misapprehension that since they are not in the US, the regulation is
 irrelevant.

 I'm confused, how is that a 'misapprehension' exactly ?

 Are you concerned about compliance with
 http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT00801164dateTexte=#LEGISCTA06136109
 ?

 if not, why not ? are you under the misapprehension that since [you]
 are not in [France], the regulation is irrelevant. ?


 You should take a look at the Wassenaar convention.  There is a lot
 more similarity than you might think between French and US
 requirements.

 You're missing the point. The point is: it makes a lot of sens of
 Apache, being legally established in the US, to comply with the export
 regulation of its host country...
 but claiming that not paying attention to US regulation for a
 non-US-based entity is a 'misapprehension' does not make much sens to
 me. 'France' here was just a convenient example to illustrate the
 fallacy of the argument. one could find hundreds of jurisdictions with
 each their own hoops and quirks... most likely some of them
 contradicting each others.


You should read my response to Dennis.  I think you miss the entire
point of why this paperwork is important.  It has almost zero to do
with where your webserver is.  That is maybe 5% of the significance of
the paperwork.  If that is all you see, then you are missing most of
the big picture.  This is about making the software consumable for
repackaging and redistribution by large hardware and software
distributors, who -- like it or not -- tend to be American, not
French.   If you are thinking only of end users downloading the
software from your LO webserver in Germany (or wherever it is), then
you are missing the vast majority of the consumer, public sector,
academic and enterprise markets.

  The diligence you do to satisfy US regulations will
 also help you with the regulations in any other countries you, or your
 users, need to work with.

 The French term that best describe this vision of the world is
 'nombrilism' (I'm afraid the english translation doesn't quite does it
 justice.. too literal, doesn't carry the larger meaning, I think)

 Norbert

Re: draft blog post on the Linux build education event

2011-09-01 Thread Jean Weber

A little late here, and a trivial observation, but this type of
statement really jerks my chain, because it is so Northern-Hemisphere
specific:

It is September. Time for cooler weather and time to go back to school

(Watching the temperatures and humidity rise inexorably towards summer
makes me grumpy. It is so easy to avoid this kind of stuff.)

--Jean
(in tropical Australia)

Re: draft blog post on the Linux build education event

Seems to me all that's needed is a regional
qualifier.  Blogs aren't written in stone,
it is easy enough to make minor edits to them
post-publication (but do take better advantage
of the pre-publication public url I mentioned
earlier for peer review of articles.)





From: Jean Weber jeanwe...@gmail.com
To: ooo-dev@incubator.apache.org
Sent: Thursday, September 1, 2011 11:18 PM
Subject: Re: draft blog post on the Linux build education event

A little late here, and a trivial observation, but this type of
statement really jerks my chain, because it is so Northern-Hemisphere
specific:

It is September. Time for cooler weather and time to go back to school

(Watching the temperatures and humidity rise inexorably towards summer
makes me grumpy. It is so easy to avoid this kind of stuff.)

--Jean
(in tropical Australia)

Re: draft blog post on the Linux build education event

2011-09-01 Thread Jean Weber

On Fri, Sep 2, 2011 at 13:24, Joe Schaefer joe_schae...@yahoo.com wrote:
 Seems to me all that's needed is a regional
 qualifier.  Blogs aren't written in stone,
 it is easy enough to make minor edits to them
 post-publication (but do take better advantage
 of the pre-publication public url I mentioned
 earlier for peer review of articles.)

If things didn't happen while I was asleep (or out of Internet range),
I might find time to to read pre-publication blog articles. But often
I wouldn't find time to get to it until too late anyway.

--Jean



From: Jean Weber jeanwe...@gmail.com
To: ooo-dev@incubator.apache.org
Sent: Thursday, September 1, 2011 11:18 PM
Subject: Re: draft blog post on the Linux build education event

A little late here, and a trivial observation, but this type of
statement really jerks my chain, because it is so Northern-Hemisphere
specific:

It is September. Time for cooler weather and time to go back to school

(Watching the temperatures and humidity rise inexorably towards summer
makes me grumpy. It is so easy to avoid this kind of stuff.)

--Jean
(in tropical Australia)

Re: draft blog post on the Linux build education event

Good point Jean!  Things need to happen
a bit more deliberately with respect to
posting blog articles next time round,
but as I said it's still not too late
to fix this one.  Someone just has to
do it.





From: Jean Weber jeanwe...@gmail.com
To: ooo-dev@incubator.apache.org; Joe Schaefer joe_schae...@yahoo.com
Sent: Thursday, September 1, 2011 11:53 PM
Subject: Re: draft blog post on the Linux build education event

On Fri, Sep 2, 2011 at 13:24, Joe Schaefer joe_schae...@yahoo.com wrote:
 Seems to me all that's needed is a regional
 qualifier.  Blogs aren't written in stone,
 it is easy enough to make minor edits to them
 post-publication (but do take better advantage
 of the pre-publication public url I mentioned
 earlier for peer review of articles.)

If things didn't happen while I was asleep (or out of Internet range),
I might find time to to read pre-publication blog articles. But often
I wouldn't find time to get to it until too late anyway.

--Jean



From: Jean Weber jeanwe...@gmail.com
To: ooo-dev@incubator.apache.org
Sent: Thursday, September 1, 2011 11:18 PM
Subject: Re: draft blog post on the Linux build education event

A little late here, and a trivial observation, but this type of
statement really jerks my chain, because it is so Northern-Hemisphere
specific:

It is September. Time for cooler weather and time to go back to school

(Watching the temperatures and humidity rise inexorably towards summer
makes me grumpy. It is so easy to avoid this kind of stuff.)

--Jean
(in tropical Australia)

Re: draft blog post on the Linux build education event

2011-09-01 Thread Manfred A. Reiter

2011/9/1 Manfred A. Reiter ma.rei...@gmail.com:

 blog looks nice and we will what happens next wednesday

Put the word see into the sentence above, where it belongs ;-)

Re: An invitation to committers to the OOo Community Forums