Re: Neutral / shared security list ...

2011-10-26 Thread Florian Effenberger

Hello,

Dave Fisher wrote on 2011-10-26 00:04:

> No it is not a trivial concern. Once we've agreed to have a neutral domain name
> like "t...@office-security.org" then we have essentially agreed to Florian's
> proposal.


to me it's important where it is hosted, who is administering and 
moderating it.


I don't consider a separate domain name necessary, as FreeDesktop or the 
solution proposed by myself would have an existing, IMHO neutral domain 
name. However, if people insist on a neutral one, I of course wouldn't 
object to that, even if it creates some more work (who registers and 
owns it, but Simon proposed solutions already).


Florian

--
Florian Effenberger 
Steering Committee and Founding Member of The Document Foundation
Tel: +49 8341 99660880 | Mobile: +49 151 14424108
Skype: floeff | Twitter/Identi.ca: @floeff


Re: Neutral / shared security list ...

2011-10-26 Thread Florian Effenberger

Hello,

Dave Fisher wrote on 2011-10-26 01:44:

> Let us know if securityteam@oo.o is now preferred. Otherwise you can see my
> proposal which I think is essentially yours.


I really would like to go with the neutral and transparent third-party 
approach, given the history of this. As said, it demands the same from 
everyone, does not overly benefit anyone, and is IMHO the best way to go.


It looks like this approach seems to be accepted by several people, 
which really looks promising to me now.


Florian



Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Robert Burrell Donkin
On Tue, Oct 25, 2011 at 7:58 PM, Christian Lohmaier wrote:
> Hi Robert, *,
>
> On Tue, Oct 25, 2011 at 5:05 PM, Robert Burrell Donkin wrote:
>> On Tue, Oct 25, 2011 at 1:38 PM, Christian Lohmaier wrote:
>>> On Tue, Oct 25, 2011 at 2:15 PM, Robert Burrell Donkin wrote:



> If anyone were to be able to create
> convincing gpg signatures of Apache releases, then this...
>
>> Downloading the signature from a trusted server means that
>> such an attacker would need to replace an existing signature on secure
>> hardware without detection.
>
> is moot anyway, the lesser problem to be concerned about.

Every line of defence (weak or strong) that an attacker has to breach
gives more time for defenders to respond.

> And this btw. is not any different than to download the torrent via https.

Modulo client respect for certificates, yes

>>> So it is not a matter of infrastructure, but a matter of policy.
>>
>> Where's the URL for this policy?
>
> I didn't mean to imply there was a set-in-stone policy already.

(Apache has quite a lot of nomenclature which is often confusing.
Policy is often used as shorthand for Apache policy.  Which is
reasonably set-in-stone.)

> What I meant was that it is up to the project to decide whether torrents are
> used or not, that the technical implementation of using torrents is so
> simple that apache infrastructure is not needed at all. You want
> torrents, you got torrents. You don't want them, you just don't use
> them.

For Apache releases, I think torrents would be do-able with a little
work (I think that seeds would need to be obtained from mirrors but
signatures from Apache)

For OOo legacy releases, my advice is just to show up and ask
Infrastructure to help solve your problem.

Robert


Re: Neutral / shared security list ...

2011-10-26 Thread Ian Lynch
On 26 October 2011 09:25, Florian Effenberger  wrote:

> Hello,
>
> Dave Fisher wrote on 2011-10-26 01:44:
>
>> Let us know if securityteam@oo.o is now preferred. Otherwise you can see
>> my proposal which I think is essentially yours.
>>
>
> I really would like to go with the neutral and transparent third-party
> approach, given the history of this. As said, it demands the same from
> everyone, does not overly benefit anyone, and is IMHO the best way to go.
>
> It looks like this approach seems to be accepted by several people, which
> really looks promising to me now.


To me, most of the discussion has been looking through the wrong end of the
telescope. We need to build trust, it won't just happen any more than code
will write itself.  We need to be more positive about the reasons why
sharing is good, not all the reasons not to do it. A bit ironic for people
that say they believe broadly in community and sharing resources ;-)

The real prize is to get working together as far as possible, where a list
is hosted is a trivial detail that should not get in the way. It takes more
strength to give a little than it does to keep fighting pedantically over
trivia. So let's go with Florian/Dave's proposal and show we have some
confidence not to have to play the "not invented here" card at every
opportunity. If we need a lazy consensus on it I'd suggest Dave starts a new
thread to that effect.

-- 
Ian

Ofqual Accredited IT Qualifications (The Schools ITQ)

www.theINGOTs.org +44 (0)1827 305940

The Learning Machine Limited, Reg Office, 36 Ashby Road, Tamworth,
Staffordshire, B79 8AQ. Reg No: 05560797, Registered in England and
Wales.


Working on a project roadmap ...

2011-10-26 Thread Michael Meeks
Rob,

TLDR summary: we all have flexibility, and yielding to IBM's
choice of the ASF is to let a corporate minority choose The
Apache Way for a majority that wants to be their own
self governing meritocracy.

But of course there is much more nuance:

On Tue, 2011-10-25 at 07:41 -0400, Rob Weir wrote:
> > Given licenses are the expression of the ethos of a community, it's
> 
> LO had no choice but to take LGPL.  So more necessity/inertia than
> ethos.  And -- according to Michael -- when it thought that MPL might
> be more acceptable TDF was quick to add MPL for new code
> contributions.  This shows an ethos of flexibility.

Sure TDF is flexible, and in many ways far more flexible as a small
separate project than AOOoI can be as a small part of a much larger,
much more established project. I see that as a great strength, others no
doubt see it as instability and weakness :-)

>   This is a good thing.

Completely agreed. Indeed - in my view it is entirely right for the
contributor meritocracy as a whole to make project decisions, such as
licensing, in a collective fashion.

As such, if the TDF board, ESC etc. can be persuaded that using an
Apache license is the best way to go forward, and that the benefits to
everyone (perhaps new contributors) outweigh the (extremely substantial)
negative impact of losing contributors that feel strongly against this,
the cost of having to re-write their contributions, deal with the
repercussions etc.: then that is indeed a decision we can make. The fact
that IBM is represented only by proxy in that decision is due to their
regrettable lack of engagement with our process, and relatively small
contribution to date (and not for want of us reaching out to try to
include you guys).

However you touch quite well on the real root issue here.

ASF is a very well known entity it has a substantial raft of
set-in-stone policies covering many (but clearly not all) aspects of
community, licensing, governance, fund-raising, trademarks, branding,
and more. It even has a popular brand around that raft of choices: The
Apache Way that should be protected. That is great. The ASF is a good
and worthy institution that reflects its membership's wishes and
produces good software. They are also seriously inflexible on these
topics, since they believe them to be the best, as is reasonable and
their right. The Apache Way no doubt works excellently for many projects
that voluntarily submit to it.

However, from my perspective, allowing a minority contributor: IBM to
choose ASF, and thus try to dictate this slew of set-in-stone
pre-decisions to the wider community is highly antisocial. That
effectively robs us by dilution and inertia of any real choice in most
of these matters forever. This to me is the primary annoyance here, not
licensing per-se which is only a symptom.

To point out that TDF is flexible and therefore must be the one that
changes, whereas ASF's inflexibility (carefully chosen for this attribute
by a minority contributor) means they cannot change - is to get rather
close to the nub of the problem. It also looks a little disingenuous.
AOOoI participants clearly have a similar flexibility: the freedom to
join TDF, and let incubation amicably lapse.

It is of course a minority's right, and apparently ASF's choice to
support such actions - but they are emphatically anti-meritocratic when
you look at the bigger picture. To have (well meaning) people (who have
contributed even less than Rob) imposing one company's choice of
set-in-stone pre-decisions on the project, day after day would be fairly
horrendous.

Thus - while it is reasonable enough to fork, have your own project,
build your own competing community, do your own thing etc. to -then- try
to damage and divide the LibreOffice community along licensing lines is
viewed as an extreme and un-necessarily hostile move; and one that we
must react to.

I think my take is that meritocracy and fair governance is more
important than any particular choice of licensing, and I'm saddened that
ASF's action -seems- to suggest that it is fine to help to divide an
existing community along these lines, siding with a corporate minority
vs. the wider majority. Actually, to be fairer to ASF I think they were
to some degree duped into this by being given a rather unbalanced view
of how the existing contributor base broke down that made this look much
more nuanced than it really is, and of course releasing OO.o under AL2
is a prize of some order.

>   One option TDF/LO did not have at the time was to take the
> core OOo code under ALv2

We certainly always -had- the option to ask people to dual license
their contributions under ALv2/LGPLv3+, what made you think we didn't ?
this was a conscious choice.

> It might make sense to evaluate the new possibilities, including
> possibilities for collaboration, enabled by this change, a c

Re: working on a OpenOffice roadmap

2011-10-26 Thread Rob Weir
On Tue, Oct 25, 2011 at 11:20 PM, Norbert Thiebaud  wrote:
> On Tue, Oct 25, 2011 at 6:41 AM, Rob Weir  wrote:
>> On Tue, Oct 25, 2011 at 6:28 AM, Simon Phipps  wrote:
>>> On Mon, Oct 24, 2011 at 8:20 PM, Pedro Giffuni  wrote:
>>>

>>>> If libreoffice encourages, but not requires, AL2
>>>> for stuff in the core package, that would be a huge
>>>> advance to get a bit nearer both camps.

>>>
>>> Given licenses are the expression of the ethos of a community, it's
>>
>> LO had no choice but to take LGPL.  So more necessity/inertia than
>> ethos.  And -- according to Michael -- when it thought that MPL might
>> be more acceptable TDF was quick to add MPL for new code
>> contributions.  This shows an ethos of flexibility.
>
> And look how well it has served us. Despite that very large
> concession, IBM still snubbed it and 9 months later started a new fork.
> You give a hand, it wants the whole body...
>

TDF was never able to deliver on MPL.   Having MPL on just new
contributions is nearly worthless.  The new code in LO is just the
fuzz on the peach.  The vast majority of the code in LO is still LGPL.
 But now that Oracle has put the core code under Apache 2.0 via their
SGA, you now have the opportunity to have a consistent licensing
policy that would be conducive to collaboration.


>> This is a good thing.
> Only in others right ? Do as I say not as I do...
>
> [ snip trolling ]
>>
>>> disingenuous and divisive to assume any community will drop its governance
>>> approach like this, Pedro. It translates as "the path to collaboration is
>>> your surrender; we can negotiate once you've done that".  You make it sound
>>
>> This is obviously a touchy subject for you, Simon.  But please read
>> what Pedro wrote.  He said:
>>
>> "If libreoffice encourages, but not requires, AL2 for stuff in the
>> core package, that would be a huge  advance to get a bit nearer both
>> camps."
>>
>> This is not asking for LO members to surrender or fall on their
>> swords.
>
> As a TDF member, I'm telling you: Yes it is _exactly_ what it sounds like.
>

to quote Michael Meeks:

"The problem lies not with the license, but the idea that a single
company, with its own agenda, having set itself up as the sole owner
of an open source project, will then always act in that project's best
interest. That just seems unrealistic, and the bigger the company -
IMHO - the less likely it is. Now - a meritocratically constituted
foundation, to which all code / translation etc. contributors
belonged, with some truly representative governance - I'd love to
belong to something like that & assign my rights to it."

Of course, now that that company running the project is his own
company, Michael has become dogmatic about license rather than his
previous dogmatism about  governance.  Plus ça change...

See:  http://people.gnome.org/~michael/blog/2007-10-03.html

>> It is suggesting that information be made available to LO
>> developers who might wish to voluntarily make their code available
>> under ALv2 as well as the existing LGPL/MPL.   Please correct me if
>> I'm wrong, but I had the impression that nothing at TDF/LO that would
>> prevent someone from doing this?
>
> It is one thing to not 'prevent' someone from abandoning free-software
> principles (as if anyone had such power anyway)
> It is quite another to have "libreoffice [more exactly TDF] ask its
> members" or contributors to do so
>

is collaboration against free software principles?

> Norbert
>


Re: working on a OpenOffice roadmap

2011-10-26 Thread Andre Schnabel
Hi Rob,


> 
> Of course, now that that company running the project is his own
> company, Michael has become dogmatic about license rather than his
> previous dogmatism about governance. 


Can you please stop that nonsense?

regards,

André


Re: Working on a project roadmap ...

2011-10-26 Thread Rob Weir
On Wed, Oct 26, 2011 at 7:25 AM, Michael Meeks  wrote:
> Rob,
>
>        TLDR summary: we all have flexibility, and yielding to IBM's
>        choice of the ASF is to let a corporate minority choose The
>        Apache Way for a majority that wants to be their own
>        self governing meritocracy.
>
>        But of course there is much more nuance:
>
> On Tue, 2011-10-25 at 07:41 -0400, Rob Weir wrote:
>> > Given licenses are the expression of the ethos of a community, it's
>>
>> LO had no choice but to take LGPL.  So more necessity/inertia than
>> ethos.  And -- according to Michael -- when it thought that MPL might
>> be more acceptable TDF was quick to add MPL for new code
>> contributions.  This shows an ethos of flexibility.
>
>        Sure TDF is flexible, and in many ways far more flexible as a small
> separate project than AOOoI can be as a small part of a much larger,
> much more established project. I see that as a great strength, others no
> doubt see it as instability and weakness :-)
>
>>   This is a good thing.
>
>        Completely agreed. Indeed - in my view it is entirely right for the
> contributor meritocracy as a whole to make project decisions, such as
> licensing, in a collective fashion.
>

So you don't see any possibility for individual choice among TDF
contributors to make their code available under an additional
compatible license beyond those minimum required by TDF?   This
is decided in a collectivist style, with no option for personal choice
or conscience?  Really?

>        As such, if the TDF board, ESC etc. can be persuaded that using an
> Apache license is the best way to go forward, and that the benefits to
> everyone (perhaps new contributors) outweigh the (extremely substantial)
> negative impact of losing contributors that feel strongly against this,
> the cost of having to re-write their contributions, deal with the
> repercussions etc.: then that is indeed a decision we can make. The fact
> that IBM is represented only by proxy in that decision is due to their
> regrettable lack of engagement with our process, and relatively small
> contribution to date (and not for want of us reaching out to try to
> include you guys).
>

Would you be willing to put this to a vote of the TDF membership:
Shall LO contributors be permitted, based on their individual,
personal choice, to make their contributions to TDF/LO be available
under the Apache 2.0 license, in addition to the required LGPL/MPL
licenses?

Or does your collective decision making preclude actually polling your
contributors?

>        However you touch quite well on the real root issue here.
>
>        ASF is a very well known entity it has a substantial raft of
> set-in-stone policies covering many (but clearly not all) aspects of
> community, licensing, governance, fund-raising, trademarks, branding,
> and more. It even has a popular brand around that raft of choices: The
> Apache Way that should be protected. That is great. The ASF is a good
> and worthy institution that reflects its membership's wishes and
> produces good software. They are also seriously inflexible on these
> topics, since they believe them to be the best, as is reasonable and
> their right. The Apache Way no doubt works excellently for many projects
> that voluntarily submit to it.
>

I'm talking individual choice.  There is nothing today that prevents
an Apache contributor from taking their contributions and making them
to LO as well, under LGPL.  Nothing.   I'm just trying to see if
TDF/LO has similar flexibility.  Bringing up the fact that Apache is
a well-established 11 year old foundation is nice, but evades the
main question.

>        However, from my perspective, allowing a minority contributor: IBM to
> choose ASF, and thus try to dictate this slew of set-in-stone
> pre-decisions to the wider community is highly antisocial. That
> effectively robs us by dilution and inertia of any real choice in most
> of these matters forever. This to me is the primary annoyance here, not
> licensing per-se which is only a symptom.
>

This is not IBM.  This is about whether TDF allows its contributors to
collaborate with Apache on code, or whether this is actively
discouraged.

>        To point out that TDF is flexible and therefore must be the one that
> changes, whereas ASF's inflexibility (carefully chosen for this attribute
> by a minority contributor) means they cannot change - is to get rather
> close to the nub of the problem. It also looks a little disingenuous.
> AOOoI participants clearly have a similar flexibility: the freedom to
> join TDF, and let incubation amicably lapse.
>

Indeed Apache contributors are free to send their patches to LO, under
any license they chose.  We don't discourage this.


>        It is of course a minority's right, and apparently ASF's choice to
> support such actions - but they are emphatically anti-meritocratic when
> you look at the bigger picture. To have (well meaning) people (who have
> contributed 

Re: Working on a project roadmap ...

2011-10-26 Thread Florian Effenberger

Are you on the wrong list?
Yesterday it was about making babies, today it's about the Soviet Union.
Let's see what we have in tomorrow, hm?

Rob Weir wrote on 2011-10-26 13:57:

> I know that offering
> choice was a threat to the Soviet Union.




Re: Working on a project roadmap ...

2011-10-26 Thread Norbert Thiebaud
On Wed, Oct 26, 2011 at 6:57 AM, Rob Weir  wrote:
>
> Would you be willing to put this to a vote of the TDF membership:
> Shall LO contributors be permitted, based on their individual,
> personal choice, to make their contributions to TDF/LO be available
> under the Apache 2.0 license, in addition to the required LGPL/MPL
> licenses?

No need for a vote. No-one can force/forbid individual volunteers to do
what they want. So a 'vote' to declare a 'people shall be permitted'
is weasel-words nonsense.
And that is _not_ what Pedro suggested. He suggested that the TDF
board 'encouraged' people to contribute to your project.

>
> I'm talking individual choice.  There is nothing today that prevents
> an Apache contributor from taking their contributions and making them
> to LO as well, under LGPL.  Nothing.   I'm just trying to see if
> TDF/LO has similar flexibility.  Bringing up the fact that Apache is
> a well-established 11 year old foundation is nice, but evades the
> main question

The main question being founded on a Non Sequitur, it is quite hard
not to evade it.

>
>>        However, from my perspective, allowing a minority contributor: IBM to
>> choose ASF, and thus try to dictate this slew of set-in-stone
>> pre-decisions to the wider community is highly antisocial. That
>> effectively robs us by dilution and inertia of any real choice in most
>> of these matters forever. This to me is the primary annoyance here, not
>> licensing per-se which is only a symptom.
>>
>
> This is not IBM.
Yes it is. The whole thing is about IBM and only IBM. It has been ever
since SUN changed its license away from SISSL to LGPL.

>
> Indeed Apache contributors are free to send their patches to LO, under
> any license they chose.  We don't discourage this.
Really? Does that hold true for IBM employees? Or only for
contributors over which you have no actual coercive power?
Does IBM 'encourage' its employees to submit patches under the
appropriate license to LO?

>
>
>>        It is of course a minority's right, and apparently ASF's choice to
>> support such actions - but they are emphatically anti-meritocratic when
>> you look at the bigger picture. To have (well meaning) people (who have
>> contributed even less than Rob) imposing one company's choice of
>> set-in-stone pre-decisions on the project, day after day would be fairly
>> horrendous.
>>
>
> "imposing choice"?  Really?  One can impose a decision, surely.  But
> no one is talking about that.
We are not talking about that indeed. There was no 'talking' about it
at all: this was presented as a fait-accompli by IBM.
>
> So giving choice is a threat to the LO community
>  I know that offering
> choice was a threat to the Soviet Union.

*plonk


Re: [Proposal] Security coordination without a shared list

2011-10-26 Thread Shane Curcuru
If this is what the AOOo PPMC ends up deciding, what happens to the 
specific securityteam@ email address?


Given that it's already plastered over the web, I think it would be 
useful to have it forward to ooo-security@, so that at least the 
relevant AOOo security experts can get any reports that go there, and 
can ensure they inform any other relevant parties by your method below.


- Shane

On 10/25/2011 12:08 PM, Rob Weir wrote:

There is an easy way to avoid all the trust issues with regards to
shared mailing lists.  Don't have such a list.  Trust individuals.
This proposal takes this approach.

1) The AOOo PMC solicits the names of security contacts from related
projects who wish to be consulted related to pre-disclosure
coordination related to analysis and resolution of reported security
vulnerabilities.  Names of individuals are preferred over opaque
mailing lists.  Trust can be established based on a PGP/GPG web of
trust.  These names and addresses are stored confidentially in the
PPMC's private SVN directory.

2) The AOOo security team reaches out to these contacts, as
appropriate, via their preferred contact mechanism, to coordinate on
specific vulnerabilities.  We (Apache) would cc ooo-security on our
external emails, as required by Apache policy [1].

3) Other groups would be encouraged to reach out to AOOo in similar
circumstances via our preferred contact mechanism, ooo-security.

4) This fully allows targeted collaboration on specific issues, via
each project's preferred contact mechanism,  without requiring the
maintenance of an additional email list.

5)  If we want to discuss security in general, then that can/should
happen on public dev lists. That public discussion could occur
anywhere.


[1]: http://www.apache.org/security/committers.html


Re: working on a OpenOffice roadmap

2011-10-26 Thread Michael Meeks
Hi Rob,

On Wed, 2011-10-26 at 07:33 -0400, Rob Weir wrote:
>  But now that Oracle has put the core code under Apache 2.0 via their
> SGA, you now have the opportunity to have a consistent licensing
> policy that would be conducive to collaboration.

Sure - that is an improvement collaboration is possible, and we can
work together to work out how best to do that; rather than having a
minority try to pre-judge the outcome :-)

> to quote Michael Meeks:

... wresting four year old words outside the context of the situation
at the time. If politics is the art of the possible - then it pays to
(at a given time) ask for -what you think is achievable-; which is the
context of my quote.

> Now - a meritocratically constituted foundation, to which all code /
> translation etc. contributors belonged, with some truly representative
> governance - I'd love to belong to something like that & assign my
> rights to it."

Sounds like a great description of TDF - right ? :-) though wrt.
assigning rights my view has changed quite a bit in four years.

It seems -obvious- (to me at least) that ASF is an infinitely better
home for the project than OO.o ever was, and much of their advice and
governance input is -long- overdue. However it is also clear to me that
the ASF is sub-optimal compared to following the majority of the
development community's choice as expressed in TDF.

> Of course, now that that company running the project is his own
> company, Michael has become dogmatic about license rather than his
> previous dogmatism about  governance.  Plus ça change...

... double-take ...; I'm sorry, let me try to unpack this. You doubt
that TDF is a sincerely meritocratic organisation ? that it is genuinely
open to all participants ? you try to portray it as "run by SUSE" ? is
IBM running Apache OpenOffice.org (Incubating) ? (I don't think I
insinuated that anywhere). Clearly I am thrilled that SUSE can
contribute a lot to TDF, but I'm also eager to spread and diversify our
contributor base: something we're doing quite well at I think. Again IBM
would be a most welcome participant and peer, with influence in
proportion to its contribution (as at Apache I hope).

> > It is one thing to not 'prevent' someone from abandoning free-software
> > principles (as if anyone had such power anyway)
> > It is quite another to have "libreoffice [more exactly TDF] ask its
> > members" or contributors to do so
>
> is collaboration against free software principles?

I think I outlined my case really quite clearly. I refer you to my
previous mail. Collaboration is great if done in a reasonable way.
Submitting code under a given license to a given entity clearly implies
some endorsement of that entity, and its actions. That is something I
struggle with wrt. AOOoI for the outlined reasons.

All the very best,

Michael.

-- 
michael.me...@suse.com  <><, Pseudo Engineer, itinerant idiot



Re: Neutral / shared security list ...

2011-10-26 Thread Shane Curcuru

On 10/25/2011 3:54 PM, Dennis E. Hamilton wrote:

Rob,

It is an interesting social observation that distrust is not
exemplary of being trustworthy. (Distrust is a kind of permission to
be righteously untrustworthy, as is too easily demonstrated in world
affairs as well as closer to home in regard to specific events
already discussed on this list.)

In my thinking, the first act of being trustworthy is being trusting
of those you want to recognize you as trustworthy.


Similarly, the first act towards having an efficient, friendly, and 
healthy community mailing list is to both ensure that one tries to write 
in a friendly and welcoming manner, and ensure that one focuses on 
engaging with community members who show promise of doing real work for 
this community.


I have to say that the amount of poor behavior on this list is 
astounding; both from committers within the community, and also from a 
number of people who (as best I can tell) have no plans of becoming 
committers within this community.



Enough about that.

I do want to disassociate AOOo from the ASF record over the years.
That is not the AOOo record. AOOo is not even six months old.  AOOo
needs to establish its trustworthiness the old-fashioned way, and it
is not by inheritance or even by association.  Not yet.


I agree that trust does take time to build.  However while AOOo may be 
new - especially in the number of people with a history in OOo code in 
the past - it is also part of the ASF.


While the ooo-security@ delegates of the AOOo PPMC are expected to do 
the right things and handle security issues for the AOOo project, the 
long-running Apache Security Team is there to provide advice and counsel 
on processes and expertise.  The Apache Security Team is also there to 
ensure that the ooo-security@ list - and any potentially ASF hosted 
securityteam@ list - is run in an appropriately secure and even handed 
fashion.


  http://www.apache.org/security/

- Shane


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Shane Curcuru
I also have to say - similar to what Dennis said - that if we're making 
a specific proposal for ways to address security concerns that it 
absolutely needs to be in a new thread, with a clear title and a clear 
and detailed proposal.


There are far too many threads going on for enough people in the PPMC to 
be able to have a good understanding of all of them.


Also, 72 hours is the minimum for seeking lazy consensus.  For something 
as important as security, I might suggest giving it a longer time.


- Shane

On 10/25/2011 6:44 PM, Dennis E. Hamilton wrote:

Dave, if you are going to do that, just relabeling a thread is not helpful.

Please compose a specific concrete proposal under a [DISCUSS], and announce the 
duration and end-time for a lazy consensus at the top.

Give it at least 3 full 24-hour calendar days.

I don't have any sense that there is alignment yet, but there may be in that 
time and I am happy to be mistaken.  Then at the end, if there is a consensus, 
please report what it is.

  - Dennis

-Original Message-
From: Dave Fisher [mailto:dave2w...@comcast.net]
Sent: Tuesday, October 25, 2011 15:35
To: ooo-dev@incubator.apache.org
Cc: flo...@documentfoundation.org
Subject: Re: [proposal] Neutral / shared security list ...

Hi -

Sorry to reply to myself.

Even though there are choices in this email. Please view it as a proposal. 
Where we are seeking lazy consensus.

On Oct 25, 2011, at 3:26 PM, Dave Fisher wrote:


On Oct 25, 2011, at 3:18 PM, Simon Phipps wrote:


On Wed, Oct 26, 2011 at 12:04 AM, Dave Fisher  wrote:



Agreed. We need to pick a neutral domain name. office-security.org is
apparently free.

Some institution needs to buy domain registration. I've been the volunteer
registrar for a social groups domain, it is a pain to transition. This needs
to be an institution, it could be Team OOo?



I think they are too close to the matter.  SPI exists specifically to hold
assets in trust - perhaps they would hold the registration for us all?  If
we agree I'd be happy to volunteer to contact them.

It's also possible we could ask OSI to do it - Jim Jagielski and I are both
on the Board at present.


These are both interesting ideas.


The proposal is to pick a domain and get registration  Simon volunteers to help.


An ISP for hosting the private ML needs to be selected. Dennis suggests
that the ASF could be that ISP for free.




And:



On Oct 25, 2011, at 2:51 PM, Florian Effenberger wrote:





If we basically agree that such a list as outlined by me is a way to go, I am 
happy to ask a friend of mine who has a very good reputation in being a mail 
server, mailing list and security expert, with a very good track record, 
including all sorts of certifications. He is offering e-mail services as 
business.

I just don't want to spread the name publicly without asking him first, and I 
don't want to ask him, before we have some common understanding. :-)







The proposal is for the existing securityteam to choose, the above are two 
possibilities.







securityteam@oo.o is migrated to whatever the new list is, and those
people start administrating.

I think it is very important for the public to know who all of the projects
are on the shared ML.


I propose that this shared security team provide a list of participating peers 
to the public.



Are we done already :-)


Let's let the world revolve to see if we have some Consensus.


Revolve 3x or 72 hours.

Regards,
Dave



Regards,
Dave



Regards,
Dave



That is fair to anyone, does not exclude anyone, does not benefit one
over the other -- it's easy, simple, and the best way to go. Sure,
everyone can create own aliases pointing to that list, but the core is
the same, and that's what matters.

If you folks now start complaining about we don't trust Apache, we can
answer by complaining you don't trust TDF and so on. It's a horrible
waste of time, it's lame, it does not help anyone, and it makes me doubt
we're talking amongst adults, seriously.

And, really, all this crap being tossed around about trustworthiness,
upstream, downstream, code similarities and insults is worth not even
the digital paper it's written on.

I made a simple, plain, and easy proposal. Don't make things overly
complicated, folks.

Thanks for considering,
Florian

--
Florian Effenberger
Steering Committee and Founding Member of The Document Foundation
Tel: +49 8341 99660880 | Mobile: +49 151 14424108
Skype: floeff | Twitter/Identi.ca: @floeff







--
Simon Phipps
+1 415 683 7660 : www.webmink.com






Note sent out to legacy marketing lists

2011-10-26 Thread Rob Weir
I've sent out an invitation note to the legacy openoffice.org
marketing lists, inviting them to join the new ooo-marketing list.  I
did this only for the English-language lists.  But in the top 100
lists are several NL marketing lists, in German and Dutch.  Although I
could send them a note as well, in English, it would probably be best
if we had volunteers who could engage and assist these lists in their
own language.

I think Manfred already has a German translation of the intro post.
Can anyone translate it into Dutch as well?

The post is here:

https://cwiki.apache.org/confluence/display/OOOUSERS/Email+Migration+Post

Thanks!

-Rob


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Shane Curcuru

A couple of observations:

On 10/25/2011 8:03 PM, Dave Fisher wrote:


On Oct 25, 2011, at 4:43 PM, Rob Weir wrote:


On Tue, Oct 25, 2011 at 7:19 PM, Dave Fisher
wrote:


On Oct 25, 2011, at 4:05 PM, Rob Weir wrote:


On Tue, Oct 25, 2011 at 7:01 PM, Dennis E. Hamilton


...snip...


I think then we need to weigh having a smashing fun party with LO
hackers in a private, unauditable list with no license discipline
versus Apache's primary mission of producing software for public
use under the Apache 2.0 license.


Code through Community. I'm trying to find a way to keep the larger
community together.


And I applaud honest efforts to make it simpler to share appropriately 
licensed code with other open source groups.  However for the purposes 
of what the AOOo podling does, the relevant community is the set of 
existing and likely future committers on this podling.  While there is a 
rich and wonderful history around the OpenOffice.org project and its 
products, the relevant discussion for ooo-dev@ is how we're going to 
manage this new project called (I'm betting) Apache OpenOffice.



You are asserting that the list will be unauditable when the ASF is
still a possible "ISP"?


Leaving aside my confusion over which proposal is which, I will note 
that services core to any ASF project must be hosted by ASF infra.  We 
have found that even when dealing with third parties who have all the 
best intentions, allowing core services to be hosted externally often 
causes problems.  ASF projects - through ASF infra - need to be masters 
of their own services.


As a corollary, ooo-security@ must be on ASF list hardware.  And given 
that the ASF will be hosting the domain name, any future 
securityteam@oo.o email address will be hosted on ASF hardware.


While I can certainly understand (in theory) trust issues from past OOo 
participants about the new AOOo PPMC, I must admit I don't understand 
the level of distrust I seem to see from some non-committers about the 
ASF as a whole.


This podling won't be running all this hardware themselves - they'll 
only be helping the existing ASF infra team on running it.  Core 
services at the ASF are not subject to the whims of any specific 
project, rather they are maintained by the Foundation as a whole for 
*all* of our projects, in a vendor-neutral way.



You are asserting a "smashing fun party" problem that is not visible
to me.


I've forgotten what specific confusing points were made on this thread 
now, but I did want to add a third point: beer.  Many ASF project 
communities also have a rich history of having fun and drinking beer, 
and we shouldn't forget that!


- Shane, ending on a lighter note (but *not* a light beer, please)


Re: working on a OpenOffice roadmap

2011-10-26 Thread Pedro Giffuni


--- On Wed, 10/26/11, Norbert Thiebaud  wrote:

...
> > We could argue like this forever I am sure :-P.
> :-D
> 
> >
> > Hmm... about 10 years ago I wrote an article
> > about the evilness of the GPL. I guess I
> > should rescue it and upload it again just
> > for didactical purposes.
> >
> > For me the meritocratic foundation and the
> > free software license are both in the Apache
> > Foundation and I certainly wouldn't settle for
> > less.
> 
> I guess we will have to settle for the cliché: "to agree
> to disagree" :-)
> 

Yes, and that doesn't mean we can't collaborate on
many issues.

There are still some technical objectives we both
share and we could work together on them. I can
draw a list if it makes sense.

There is also a list of things where we will diverge
drastically, and to be honest, I think that is good.
It serves no purpose to have two identical projects.

I am particularly OK with LO being Apache code +
GNU stuff, as it would be OK to see Apache code +
proprietary stuff in other forks.

I want to see variety, and LO would be important
if it helps raising the bar for new commercial
players. I am quite sincere in saying that I
wish LibreOffice the best and it wouldn't worry
me at all if you take the market lead.

Pedro.


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Norbert Thiebaud
On Wed, Oct 26, 2011 at 8:21 AM, Shane Curcuru  wrote:
>
> While I can certainly understand (in theory) trust issues from past OOo
> participants about the new AOOo PPMC, I must admit I don't understand the
> level of distrust I seem to see from some non-committers about the ASF as a
> whole.
>

I can only speak for myself, but, for better or worse, all I knew of
Apache, prior to last June, was that it was a popular Web server and
also home to a bunch of Java-related stuff.
Since then, I've developed the feeling that ASF is to OOo what ISO is
to OOXML: a well intentioned organization that is used/abused as a
weapon in a corporate turf war.

If I was a betting man, I would wager that, if anything, we will see a
multi-million-line code dump (or a bunch of non-bisectable commits)
from IBM that turns AOOo into a circa 2007 fork of OOo named Apache
Symphony. At that point we will see if ASF holds IBM to the same
standard as it held the Bluesky podling.

Norbert


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Shane Curcuru



On 10/26/2011 10:20 AM, Norbert Thiebaud wrote:

On Wed, Oct 26, 2011 at 8:21 AM, Shane Curcuru  wrote:


While I can certainly understand (in theory) trust issues from past OOo
participants about the new AOOo PPMC, I must admit I don't understand the
level of distrust I seem to see from some non-committers about the ASF as a
whole.



I can only speak for myself, but, for better or worse, all I knew of
Apache, prior to last June, was that it was a popular Web server and
also home to a bunch of Java-related stuff.
Since then, I've developed the feeling that ASF is to OOo what ISO is
to OOXML: a well intentioned organization that is used/abused as a
weapon in a corporate turf war.

If I was a betting man, I would wager that, if anything, we will see a
multi-million-line code dump (or a bunch of non-bisectable commits)
from IBM that turns AOOo into a circa 2007 fork of OOo named Apache
Symphony. At that point we will see if ASF holds IBM to the same
standard as it held the Bluesky podling.

Norbert


I'm sorry to hear you have such a poor feeling about the ASF.  I can 
only mention the many, many ASF Members and Incubator PMC members who 
don't work for IBM, and who should be reading the key requirement for 
any podling to graduate:


  http://incubator.apache.org/guides/graduation.html#community

In any case, these subjects are getting off topic for ooo-dev@, so we 
should let the AOOo PPMC here figure out how it's going to publicize 
ways to report security concerns to it.


- Shane


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Rob Weir
On Wed, Oct 26, 2011 at 10:48 AM, Shane Curcuru  wrote:



> In any case, these subjects are getting off topic for ooo-dev@, so we should
> let the AOOo PPMC here figure out how it's going to publicize ways to report
> security concerns to it.
>

In parallel, it might be good for the TDF/LO members to take a week or
so, and have a discussion on their own mailing list about how they
could better collaborate with AOOo.   LO has hundreds of developers,
so I'm sure the diversity of opinions there is greater than suggested
by the 2 or 3 TDF voices we hear on this list.  We certainly have a
range of opinions on the topic among AOOo committers.  It would be odd
if the same were not true for TDF/LO.

-Rob


How to patch this Apache web page?

2011-10-26 Thread Rob Weir
I saw a note from Infra@ saying that in future we should submit new
mailing list requests with a comma delimited list of moderator email
addresses.  In our last request I put it in tabular form with names
and addresses.  Presumably that requires some manual cut & paste with
opportunities for error.

I was following the instructions on this page:

http://www.apache.org/dev/reporting-issues.html#mail-new-lists

It would be good to get that updated with the hint about a
comma-delimited list of moderator names.

Can I update that page?  If not, where would one submit a patch for
non-project, global pages like that?

-Rob


Re: How to patch this Apache web page?

2011-10-26 Thread Joe Schaefer
It's in the CMS too, and you have commit.




>
>From: Rob Weir 
>To: ooo-dev@incubator.apache.org
>Sent: Wednesday, October 26, 2011 11:32 AM
>Subject: How to patch this Apache web page?
>
>I saw a note from Infra@ saying that in future we should submit new
>mailing list requests with a comma delimited list of moderator email
>addresses.  In our last request I put it in tabular form with names
>and addresses.  Presumably that requires some manual cut & paste with
>opportunities for error.
>
>I was following the instructions on this page:
>
>http://www.apache.org/dev/reporting-issues.html#mail-new-lists
>
>It would be good to get that updated with the hint about a
>comma-delimited list of moderator names.
>
>Can I update that page?  If not, where would one submit a patch for
>non-project, global pages like that?
>
>-Rob
>
>
>

Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Andre Schnabel
Hi Rob, all

> From: Rob Weir
> Sent: 26.10.11 17:15

> 
> On Wed, Oct 26, 2011 at 10:48 AM, Shane Curcuru  wrote:
> 
> 
> 
> > In any case, these subjects are getting off topic for ooo-dev@, so we should
> > let the AOOo PPMC here figure out how it's going to publicize ways to report
> > security concerns to it.
> >
> 
> In parallel, it might be good for the TDF/LO members to take a week or
> so, and have a discussion on their own mailing list about how they
> could better collaborate with AOOo. 

My gut feeling is that we should skip this discussion for a while. At almost
all the topics we discuss here we come to a kind of emotional and religious
discussion. So it might be better to take a rest.

For me it is quite hard to identify fields of collaboration, as long as there is
just one side with substantial contributions. E.g. it is hard to discuss about
sharing translations, as long as it is unclear how AOOoI will handle translations.

Same about code, we can argue for a very long time if and how there might be
ways for collaboration - but we will only see if our ideas really work, if there
is some substantial code at AOOoI. 

If I get the apache philosophy right, Apache assumes that contribution from
"other parties" will be seen, because those other parties acknowledge that
it is good for them (means it's much easier to include Apache code in their
products if they contribute their own changes back). The problem here to me
seems to be, that there is hardly anything useful in AOOo for LibreOffice
*at the moment*. This indeed might change sooner or later (and I was pleased
to hear from Jürgen that IBM staff is working hard to achieve that).


> LO has hundreds of developers,
> so I'm sure the diversity of opinions there is greater than suggested
> by the 2 or 3 TDF voices we hear on this list. We certainly have a
> range of opinions on the topic among AOOo committers. It would be odd
> if the same were not true for TDF/LO.

Of course, TDF does not control its members or contributors. Everyone
is free to discuss any topic or to work on any project she wants. 
So, that only few people show up here at the Apache list might be for the 
simple reason, that they don't see that it is worth the effort to
get heavily involved in the discussions here. (But is it TDF's responsibility
to tell other people about what's going on at Apache?)

Again - this might change, as soon as AOOoI has some code and maybe even
ships binaries.


At the very moment it seems to me all these discussions do more harm than
they are helpful.


best regards,


André


Re: How to patch this Apache web page?

2011-10-26 Thread Rob Weir
On Wed, Oct 26, 2011 at 11:43 AM, Joe Schaefer  wrote:
> It's in the CMS too, and you have commit.
>

It let me commit the MDText, but when I tried to publish the HTML I
got this error:

Commit of merge failed:
URL access forbidden for unknown reason: Commit failed (details
follow):: access to
'/repos/infra/!svn/ver/797503/websites/production/www' forbidden at
/usr/local/cms/webgui/lib/ASF/CMS.pm line 661


So... I got it half way.  I assume it will get the rest of the way
when someone with karma publishes that page to production.

-Rob

>
>
>
>>
>>From: Rob Weir 
>>To: ooo-dev@incubator.apache.org
>>Sent: Wednesday, October 26, 2011 11:32 AM
>>Subject: How to patch this Apache web page?
>>
>>I saw a note from Infra@ saying that in future we should submit new
>>mailing list requests with a comma delimited list of moderator email
>>addresses.  In our last request I put it in tabular form with names
>>and addresses.  Presumably that requires some manual cut & paste with
>>opportunities for error.
>>
>>I was following the instructions on this page:
>>
>>http://www.apache.org/dev/reporting-issues.html#mail-new-lists
>>
>>It would be good to get that updated with the hint about a
>>comma-delimited list of moderator names.
>>
>>Can I update that page?  If not, where would one submit a patch for
>>non-project, global pages like that?
>>
>>-Rob
>>
>>
>>


Re: Working on a project roadmap ...

2011-10-26 Thread Pedro Giffuni


--- On Wed, 10/26/11, Norbert Thiebaud  wrote:

>
> >
> > Would you be willing to put this to a vote of the TDF
> membership:
> > Shall LO contributors be permitted, based on their
> individual,
> > personal choice, to make their contributions to TDF/LO
> be available
> > under the Apache 2.0 license, in addition to the
> required LGPL/MPL
> > licenses?
> 
> No need for a vote. No-one can force/forbid individual
> volunteer to do
> what they want. so a 'vote' to declare a 'people shall be
> permitted'
> is a weasel-words nonsense.
> And that is _not_ what Pedro suggested. he suggested that
> the TDF
> board 'encouraged' people to contribute to your project.
> 

Indeed I am not asking for a vote, it's just an idea to
keep for the future under the concept that us committing
some of your changes would make it easier for you to keep
in sync with our base.

I am also in strong agreement with Andre's general idea
(from another thread), in that right now you don't see clearly
the advantages of working with us. This all will be solved
with time, I hope.

Pedro.




Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Marcus (OOo)

On 10/24/2011 03:08 AM, Marcus (OOo) wrote:

On 10/23/2011 11:50 PM, Peter Pöml wrote:

On Sat, Oct 22, 2011 at 01:15:34 +0200, Marcus (OOo) wrote:


Hi Peter,


it seems the end is near and the "download.services.openoffice.org"
host on Oracle side with our Mirrorbrain instance will be shutdown
in one week.


Okay... Little question, wouldn't it make sense, at this point, to take
the download.s.o.o VM and move it somewhere else? I don't have the disk
space myself, but maybe somebody else has? Perhaps the ASF can provide
the space? (Other than disk space, the requirements are pretty modest.)
Then the entire download service could continue to run, with very low
effort, and without the need to build everything from scratch for now.


The problem is that the ASF do not want to host and provide services of
special software for single projects. I can understand this as even the
ASF infra is a team of volunteers and their time is limited as it is for
all others.

Furthermore, I don't know details about the VM setup and where it's
detailed located. Do you?

However, I like your idea. It requires indeed only a bit diskspace and
internet access. The maintenance could be done by us, the project
members. If you would share a bit of your knowledge then I could
take over the admin role. ;-)


@Peter:
Can you tell me how to get to the VM? Or at least which important config 
files to save?



@List:
Has anybody an idea about where to host this service? It doesn't need to
be necessarily inside the ASF.


Really nobody?


As we cannot build up a solution that is running, tested and
long-term-proven in a few days I would like to ask you if we can
switch to your "openoffice.mirrorbrain.org" instance as long as we
have no other solution at hand.

In the past it was a very reliable host that we have used when there
were outages (mostly unplanned as you know) and didn't result in
a significant higher load on the host.

So, it would help us very much to have a stable download section
until we have an own solution here at ASF.


Yes, please use my host for now!


Great, thanks a lot.


Thanks in advance and have a nice, sunny weekend.


Thanks a lot. Same to you all,


Marcus


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Simon Phipps
On Wed, Oct 26, 2011 at 5:15 PM, Rob Weir  wrote:

> On Wed, Oct 26, 2011 at 10:48 AM, Shane Curcuru 
> wrote:
>
> 
>
> > In any case, these subjects are getting off topic for ooo-dev@, so we
> should
> > let the AOOo PPMC here figure out how it's going to publicize ways to
> report
> > security concerns to it.
> >
>
> In parallel, it might be good for the TDF/LO members to take a week or
> so, and have a discussion on their own mailing list about how they
> could better collaborate with AOOo.



Gents, that's all worthy talk, but the subject at hand is how best to have
the legacy StarOffice meta-community co-ordinate on security issues in a way
complementary to the projects' own security mechanisms given the loss of
trust resulting from an earlier discussion around AOOo stewardship of the
existing mailing list.

Dave pieced together a workable solution, using input from a variety of
people, and has been leaving the subject open for about 24 hours for
discussion seeking further constructive input. There has been nothing new
that I've seen, and I hope he will now post a [Vote] thread for what he sees
as the most likely consensus conclusion.

S.


Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Dave Fisher

On Oct 26, 2011, at 12:11 PM, Marcus (OOo) wrote:

> On 10/24/2011 03:08 AM, Marcus (OOo) wrote:
>> On 10/23/2011 11:50 PM, Peter Pöml wrote:
>>> On Sat, Oct 22, 2011 at 01:15:34 +0200, Marcus (OOo) wrote:
>> 
>> Hi Peter,
>> 
>>>> it seems the end is near and the "download.services.openoffice.org"
>>>> host on Oracle side with our Mirrorbrain instance will be shutdown
>>>> in one week.
>>> 
>>> Okay... Little question, wouldn't it make sense, at this point, to take
>>> the download.s.o.o VM and move it somewhere else? I don't have the disk
>>> space myself, but maybe somebody else has? Perhaps the ASF can provide
>>> the space? (Other than disk space, the requirements are pretty modest.)
>>> Then the entire download service could continue to run, with very low
>>> effort, and without the need to build everything from scratch for now.
>> 
>> The problem is that the ASF do not want to host and provide services of
>> special software for single projects. I can understand this as even the
>> ASF infra is a team of volunteers and their time is limited as it is for
>> all others.

They are building a lot special for AOOo. THANKS!

So, it depends. If we define a stack for services and get support then it is a 
lot like the MWiki and Forums. Infrastructure will help secure the servers, but 
the project will need to provide sysadmins.

I've heard that "Jails" are available.

>> 
>> Furthermore, I don't know details about the VM setup and where it's
>> detailed located. Do you?
>> 
>> However, I like your idea. It requires indeed only a bit diskspace and
>> internet access. The maintenance could be done by us, the project
>> members. If you would share a bit of your knowledge then I could
>> take over the admin role. ;-)
> 
> @Peter:
> Can you tell me how to get to the VM? Or at least which important config 
> files to save?

Are there requirements for more than what is on the mirrorbrain page?

http://mirrorbrain.org/requirements/

Extracting the list gives:

Apache HTTPD server
mod_mirrorbrain
mod_form
mod_geoip / libGeoIP
PostgreSQL (or Apache DBD API compatible driver)

mod_asn ?

• Python and some modules: psycopg2, sqlobject, cmdln.
• Perl and some modules: Config::IniFiles, libwww::perl, DBD::Pg, 
Digest::MD4, Date::Parse

If we are on ASF hardware then we won't want to serve a local copy:

So, "Alternatively, a pseudo file tree can created locally. In that case, 
MirrorBrain needs to be configured to never deliver files directly."

http://mirrorbrain.org/archive/mirrorbrain/0045.html

>> @List:
>> Has anybody an idea about where to host this service? It doesn't need to
>> be necessarily inside the ASF.
> 
> Really nobody?

If the mirrorbrain instructions are that simple and can be easily supplemented 
with detail.

Like what database is currently being used on download.s.oo.o? and which 
version?


> 
>>>> As we cannot build up a solution that is running, tested and
>>>> long-term-proven in a few days I would like to ask you if we can
>>>> switch to your "openoffice.mirrorbrain.org" instance as long as we
>>>> have no other solution at hand.
>>>> 
>>>> In the past it was a very reliable host that we have used when there
>>>> were outages (mostly unplanned as you know) and didn't result in
>>>> a significant higher load on the host.
>>>> 
>>>> So, it would help us very much to have a stable download section
>>>> until we have an own solution here at ASF.
>>> 
>>> Yes, please use my host for now!
>> 
>> Great, thanks a lot.
>> 
>>>> Thanks in advance and have a nice, sunny weekend.
>>> 
>>> Thanks a lot. Same to you all,
> 
> Marcus

Regards,
Dave



Re: Mailing list user migration: Staging and volunteers

2011-10-26 Thread Kay Schenk
On Tue, Oct 25, 2011 at 2:43 PM, Rob Weir  wrote:

> On Tue, Oct 25, 2011 at 5:36 PM, Kay Schenk  wrote:
> > On Tue, Oct 25, 2011 at 2:30 PM, Rob Weir  wrote:
> >
> >> A quick summary of where we are, in case you haven't been following
> >> the previous threads.
> >>
> >> Information on the top 100 legacy mailing lists is on the wiki [1].
> >> A draft note that will be sent to these lists is on another page [2].
> >>
> >> If you note in that first page, the "Migration Owner" column is blank.
> >>  So either I need to quickly learn French, Dutch and Japanese, or I
> >> need some help here.
> >>
> >> Volunteers would translate the note, send it to the relevant NL lists,
> >> and be available on those lists to answer any migration-related
> >> questions.  Ideally you would already be a participant on the lists
> >> and familiar to that community.
> >>
> >> As for staging, I'd recommend that we do not do this all at once.
> >> Migrating 100 lists at once would be very messy.  But we can easily
> >> break this down into related groups of lists and do the migration over
> >> a few weeks.  One possible staging would be:
> >>
> >> 1) All the lists that will be merged into the new ooo-marketing list.
> >> This will help jump start that list's important work, and bring
> >> community members into the discussion who might not have been
> >> interested in the other topics we've been discussing on ooo-dev.
> >>
> >> 2) All of the lists that will be merged into ooo-dev
> >>
> >> 3) All of the lists that will be merged into ooo-users
> >>
> >> 4) NL lists (which could be done in parallel with the above.  However,
> >> they will require some discussion and admin work to create new
> >> ooo-lang lists,)
> >>
> >> The thought behind this staging is that we "work out the kinks" with
> >> the more technical and (hopefully) more forgiving project lists,
> >> before moving on to the user and NL lists.  We can adjust the
> >> instructions and messaging based on what we learn from the initial
> >> migrations.
> >>
> >> Regards,
> >>
> >> -Rob
> >>
> >>
> > Have the "new" NL lists been setup already? I may have missed that and I
> > haven't looked at any jira tix.
> >
>
> No NL lists yet, except for Japanese.  We need moderator volunteers
> before we can request them.
>
> Process for getting a new mailing list created is here:
>
> http://www.apache.org/dev/committers.html#new-mailing-list
>
> Probably makes sense to start with the largest NL communities first?
>
> >
> >> [1] https://cwiki.apache.org/confluence/display/OOOUSERS/Mailing+lists
> >> [2]
> >>
> https://cwiki.apache.org/confluence/display/OOOUSERS/Email+Migration+Post
> >>
> >
> >
> >
> > --
> >
> ---
> > MzK
> >
> > "This is no social crisis
> >  Just another tricky day for you."
> > -- "Tricky Day", the Who
> >
>

OK. In terms of process, it's kind of a Catch-22 with the NL lists I guess.
We can't have them without moderators, and it's unlikely we'll get
(volunteer) moderators until we have them . What to do...

The ones in the first block on:

https://cwiki.apache.org/confluence/display/OOOUSERS/Mailing+lists

through website.dev should be good for the initial message you've got. And,
I'm sure they're all English-speaking.

Where are you with any of this? Do you need some of us to do subscriptions
and get started? Maybe we could assign blocks from the first part of the
page above? I'm happy to help. I don't have a lot of time on a daily basis,
but could probably do at least 10 over the next few days. I would be happy
to deal with sc.dev thru website.dev.

I'll start on subscriptions to these pronto. It might be a good idea if we
decided to do the messaging on the same day though. Thoughts?



-- 
---
MzK

"This is no social crisis
 Just another tricky day for you."
 -- "Tricky Day", the Who


Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Peter Pöml
Hi,

On Wed, Oct 26, 2011 at 01:43:20 -0700, Dave Fisher wrote:
> Are there requirements for more than what is on the mirrorbrain page?

The page should list all essential requirements.

> http://mirrorbrain.org/requirements/
> 
> Extracting the list gives:
> 
> Apache HTTPD server
> mod_mirrorbrain
> mod_form
> mod_geoip / libGeoIP
> PostgreSQL (or Apache DBD API compatible driver)

While the DBD framework would allow to use other databases, MirrorBrain
depends on features that only PostgreSQL offers. So this is a must, I'm
sorry ;-)

> mod_asn ?

Highly useful when there are many mirrors, and when downloads are large.
Both are the case with OOo. Thus, we have used mod_asn for OOo downloads
so far and I would really recommend to continue using it.

> If we are on ASF hardware then we won't want to serve a local copy:
> 
> So, "Alternatively, a pseudo file tree can created locally. In that case, 
> MirrorBrain needs to be configured to never deliver files directly."
> 
> http://mirrorbrain.org/archive/mirrorbrain/0045.html

MirrorBrain is more than a file server or redirector. It automates
the creation of checksums, hashes, torrents, metalinks and serves
cryptographic signatures. Files need to be present locally to exploit
these features. These features are useful for OOo because downloads are
generally large, which requires reliable transfer. 

> >> @List:
> >> Has anybody an idea about where to host this service? It doesn't need to
> >> be necessarily inside the ASF.
> > 
> > Really nobody?
> 
> If the mirrorbrain instructions are that simple and can be easily 
> supplemented with detail.

Setting up MirrorBrain would be one way, but it would require
replicating additional configuration (for instance, download statistics)
that we have built on the current download server
(download.services.openoffice.org). 

Another way would be to simply have a virtual machine, where we move the
current server to. That would cause the least effort, I guess. 

Starting from scratch would mean to lose a lot of the previous work --
and I really mean lots, which I dare to judge because I spent a lot of
time with download.services.openoffice.org.

On the other hand, having MirrorBrain at the core of the ASF's mirror
system could be interesting for other projects, too. I know closer.cgi
but I'm sure that MirrorBrain could serve the ASF well. (Well possible
as an addition, rather than a replacement, for a soft transition.)
That might outweigh the pain of creating OOo's download service from
scratch in a different environment. 

Are you involved in maintaining ASF infrastructure, or know people who
are?

> Like what database is currently being used on download.s.oo.o? and which 
> version?

Uhm, PostgreSQL 8.4.4. (But any 8.3/8.4 version should do.)

Thanks,
Peter




Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Donald Whytock
On Wed, Oct 26, 2011 at 5:57 PM, Peter Pöml  wrote:
> The page should list all essential requirements.
>
>> http://mirrorbrain.org/requirements/

Does MirrorBrain allow downloaders to specify the mirror they want to
use?  I didn't see that as a feature.

This is necessary for people operating behind firewalls that block
websites based on type.  For example, my company's firewall doesn't
allow access to many filesharing sites and certain types of
businesses, but does allow access to universities.  This means when I
get an update for an Apache product I often need to manually select a
university mirror.

Don


Re: Bugzilla: can we rename some of the product categories?

2011-10-26 Thread Andrea Pescetti

On 25/10/2011 Marcus (OOo) wrote:

On 10/25/2011 12:58 AM, Regina Henschel wrote:

Rob Weir wrote:

Would it be possible to bring all the locale-related categories
together, e.g.:
lang-aa
lang-af ...
and so on? ...

I would prefer to have one item 'native language' in 'Product' and the
language itself in 'Component'. ...

Maybe the question "Where to put the languages?" is the start for a
little rework in the BZ structure.


Here the main issue is that bug categories correspond to projects, but 
this mapping is awkward when it comes to N-L projects.


The bugzilla categories corresponding to, say, "IT", (the Italian N-L 
project) aren't supposed to be used for bug reports about the Italian 
localization, since the l10n component is the right one for them (and 
the language name is used as tag, like: [IT]: Wrong translation of 
"Insert Page Break").


The only proper use for those components is internal case-tracking among 
project members, and the large majority of N-L projects surely never 
used it this way, or bug reporting about the N-L websites.


So if all these categories were dropped it wouldn't probably be a huge 
loss, unless any N-L groups are actively using them. Dropping the "IT" 
bug category surely wouldn't harm, we never really used it.


Regards,
  Andrea.


Re: [proposal] development for the first AOO release

2011-10-26 Thread Andrea Pescetti

On 24/10/2011 Rob Weir wrote:

On Mon, Oct 24, 2011 at 9:18 AM, Oliver-Rainer Wittmann
  wrote:

- "IP cleared" milestone ...
This milestone would result in an OpenOffice.org missing a lot of important
features, but this milestone would be the basis regarding Apache's IP rules.
This milestone could be released according to the Apache rules.


"Could" be released.  We can debate whether we would actually release
this.


Right, if the first Apache release is missing important features that 
used to be in OpenOffice.org 3.3 then it could be detrimental to the 
project.


OpenOffice.org users are waiting for updates, and whatever you explain, 
they will download and install the first Apache version and judge from 
what they see. Ideally, they should be given a bugfixed 3.4-beta under 
LGPL3 that would show the nice improvements done after OOo 3.3, but we 
have already discussed this in other threads. If, on the contrary, the 
first release is missing important functionality, it could easily 
backfire and it's better not to expose users to it.


Regards,
  Andrea.


Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Marcus (OOo)

On 10/27/2011 12:43 AM, Donald Whytock wrote:

On Wed, Oct 26, 2011 at 5:57 PM, Peter Pöml  wrote:

The page should list all essential requirements.


http://mirrorbrain.org/requirements/


Does MirrorBrain allow downloaders to specify the mirror they want to
use?  I didn't see that as a feature.

This is necessary for people operating behind firewalls that block
websites based on type.  For example, my company's firewall doesn't
allow access to many filesharing sites and certain types of
businesses, but does allow access to universities.  This means when I
get an update for an Apache product I often need to manually select a
university mirror.


I would say not directly but it's possible:

Example:
If you want to download the OOo 3.4 Beta you normally would download 
from here for your favorite OS and language:

http://download.openoffice.org/all_beta.html

When the automatically chosen mirror is not suitable, then you can use 
the "Details" webpage that MirrorBrain creates for every file to look 
for other mirrors. E.g.:


http://download.services.openoffice.org/files/extended/3.4beta/

http://download.services.openoffice.org/files/extended/3.4beta/OOo-Dev_3.4beta_20110411_Linux_x86-64_install-rpm_en-US.tar.gz.mirrorlist

It's not that obvious but IMHO simple enough.

But I guess even this could be more simplified. ;-)

Marcus


Re: Draft mailing list notification post

2011-10-26 Thread Andrea Pescetti

On 25/10/2011 Rob Weir wrote:

Maybe split this into two emails, and space them a week apart?  So one
email that is the intro, gives the background on the Incubation, the
migration effort, etc.  Short and sweet.  They might actually read it.
Then follow a week later with "As we previously mentioned in our note
last week  We're starting the list migration now. To join the new
list you will need to"
Would that be better?


Nice idea. I received one of the notices sent out today (to 
[marketing-ooocon-discuss], which is actually more a project-related 
list than a marketing-related one, since it's meant for the 
OpenOffice.org Conference; but it doesn't matter) and indeed it is quite 
long, so if there is no hurry I'd support the two-steps approach.


The link to
https://cwiki.apache.org/confluence/display/OOOUSERS/OpenOffice.org+Migration+Status
was split in two lines (by the mailing list management program, I 
assume) in the message I received; a short URL will probably work better.


As I said, I'll translate the notice into Italian and take care of 
migrating the Italian lists (all 12 of them, not only the 4 that are in 
the top 100). I added my name to the wiki page. I'm happy with the plan 
to move N-L lists as the last step, since we need a communication 
channel open all the time, so I wouldn't touch the lists until the forum 
migration is complete.


Regards,
  Andrea.


Re: [proposal] development for the first AOO release

2011-10-26 Thread Rob Weir
On Wed, Oct 26, 2011 at 7:13 PM, Andrea Pescetti
 wrote:
> On 24/10/2011 Rob Weir wrote:
>>
>> On Mon, Oct 24, 2011 at 9:18 AM, Oliver-Rainer Wittmann
>>   wrote:
>>>
>>> - "IP cleared" milestone ...
>>> This milestone would result in an OpenOffice.org missing a lot of
>>> important
>>> features, but this milestone would be the basis regarding Apache's IP
>>> rules.
>>> This milestone could be released according to the Apache rules.
>>
>> "Could" be released.  We can debate whether we would actually release
>> this.
>
> Right, if the first Apache release is missing important features that used
> to be in OpenOffice.org 3.3 then it could be detrimental to the project.
>
> OpenOffice.org users are waiting for updates, and whatever you explain, they
> will download and install the first Apache version and judge from what they
> see. Ideally, they should be given a bugfixed 3.4-beta under LGPL3 that
> would show the nice improvements done after OOo 3.3, but we have already
> discussed this in other threads. If, on the contrary, the first release is
> missing important functionality, it could easily backfire and it's better
> not to expose users to it.
>

Exactly. I think of it more as a "milestone build".  It would be
qualified for Apache release, based on its IP review, but we won't release
it.  We'll want to do more work on it first.  We're just saying that
on the road to 3.4, we'll first have a milestone build that is clean
from the IP review perspective, then work on restoring features needed
for release.

> Regards,
>  Andrea.
>


Re: [proposal] development for the first AOO release

2011-10-26 Thread Marcus (OOo)

On 10/27/2011 01:13 AM, Andrea Pescetti wrote:

On 24/10/2011 Rob Weir wrote:

On Mon, Oct 24, 2011 at 9:18 AM, Oliver-Rainer Wittmann
 wrote:

- "IP cleared" milestone ...
This milestone would result in an OpenOffice.org missing a lot of
important
features, but this milestone would be the basis regarding Apache's IP
rules.
This milestone could be released according to the Apache rules.


"Could" be released. We can debate whether we would actually release
this.


Right, if the first Apache release is missing important features that
used to be in OpenOffice.org 3.3 then it could be detrimental to the
project.

OpenOffice.org users are waiting for updates, and whatever you explain,
they will download and install the first Apache version and judge from
what they see. Ideally, they should be given a bugfixed 3.4-beta under
LGPL3 that would show the nice improvements done after OOo 3.3, but we
have already discussed this in other threads. If, on the contrary, the
first release is missing important functionality, it could easily
backfire and it's better not to expose users to it.


I'm sure Oliver's intention with "release" was not to call it the next 
feature or bugfix release but as a kind of intermediate step. When we 
clearly communicate what it is *and* what's not, then no user should 
have anything to complain.


Marcus



Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Marcus (OOo)

On 10/26/2011 11:57 PM, Peter Pöml wrote:

Hi,

On Wed, Oct 26, 2011 at 01:43:20 -0700, Dave Fisher wrote:

Are there requirements for more than what is on the mirrorbrain page?


The page should list all essential requirements.


http://mirrorbrain.org/requirements/

Extracting the list gives:

Apache HTTPD server
mod_mirrorbrain
mod_form
mod_geoip / libGeoIP
PostgreSQL (or Apache DBD API compatible driver)


While the DBD framework would allow to use other databases, MirrorBrain
depends on features that only PostgreSQL offers. So this is a must, I'm
sorry ;-)


mod_asn ?


Highly useful when there are many mirrors, and when downloads are large.
Both are the case with OOo. Thus, we have used mod_asn for OOo downloads
so far and I would really recommend to continue using it.


If we are on ASF hardware then we won't want to serve a local copy:

So, "Alternatively, a pseudo file tree can be created locally. In that case, 
MirrorBrain needs to be configured to never deliver files directly."

http://mirrorbrain.org/archive/mirrorbrain/0045.html


MirrorBrain is more than a file server or redirector. It automates
the creation of checksums, hashes, torrents, metalinks and serves
cryptographic signatures. Files need to be present locally to exploit
these features. These features are useful for OOo because downloads are
generally large, which requires reliable transfer.


@List:
Has anybody an idea about where to host this service? It doesn't need to
be necessarily inside the ASF.


Really nobody?


If the mirrorbrain instructions are that simple and can be easily supplemented 
with detail.


Setting up MirrorBrain would be one way, but it would require
replicating additional configuration (for instance, download statistics)
that we have built on the current download server
(download.services.openoffice.org).

Another way would be to simply have a virtual machine, where we move the
current server to. That would cause the least effort, I guess.


+1 this should be really our goal for now ...


Starting from scratch would mean to lose a lot of the previous work --
and I really mean lots, which I dare to judge because I spent a lot of
time with download.services.openoffice.org.

On the other hand, having MirrorBrain at the core of the ASF's mirror
system could be interesting for other projects, too. I know closer.cgi
but I'm sure that MirrorBrain could serve the ASF well. (Well possible
as an addition, rather than a replacement, for a soft transition.)
That might outweigh the pain of creating OOo's download service from
scratch in a different environment.


... and this the long term goal.

The ASF can really benefit from this way of downloading software. 
Currently you have to choose a mirror, then change to the directory 
structure where the respective binary is located and finally download it.


OK, the target audience the ASF currently has is developer-oriented, so 
this is not too difficult for them. ;-) However, it could be indeed easier.


But I try to think more as an enduser. And these people need to have a 
simple solution. That means a link on a webpage where they click on and 
the download of the file is starting. IMHO we have already a very simple 
solution you can see on "http://download.openoffice.org" and I would be 
happy to help to buildup a similar thing for the entire ASF.


@Donald:
Of course we can keep the current download behavior to satisfy also 
users that need to download from a specific mirror server.


Marcus




Are you involved in maintaining ASF infrastructure, or know people who
are?


Like what database is currently being used on download.s.oo.o? and which 
version?


Uhm, PostgreSQL 8.4.4. (But any 8.3/8.4 version should do.)

Thanks,
Peter


Re:Working on a project roadmap ...

2011-10-26 Thread Ross Gardler
I want to make a couple of things clear about ASF projects (I speak with my
mentor hat on but not necessarily for other mentors):

Firstly, the ASF has many years of experience in running successful open
source projects. We even have a few failures to teach us some lessons too.
This produces a raft of "best practices". One should not assume that "best
practice" is unchanging or inflexible.

Secondly, the ASF has very few policies that are "set in stone". There are
some policies relating to due diligence and IP management, but very few
relating to community development. One of the few fixed policies for
community are no benevolent dictators (either individuals or corporations).
No project graduates from the incubator without diversity.

As a mentor I have no interest in encouraging the AOOo community to adopt
policies that do. Reflect the needs and desires of those earning merit here.
If one wants this project to operate in a specific way then one
should demonstrate a willingness to help us build diversity by contributing
constructively.

Don't expect me, or anyone else, to read past reams of point scoring and
posturing based on misinformation, dogma or non-ASF history. I won't do
that. I won't read thousands of such words in order to find the odd nugget
of useful information. I, and I assume almost everyone here, has no time for
that.

In recent weeks we've seen some very constructive work here. It's a shame it
is being drowned by these meaningless and pointless arguments. Let's just
stay constructive, focus on facts and have some fun - please.

Ross


Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Ross Gardler
Sent from my mobile device, please forgive errors and brevity.
On Oct 27, 2011 12:37 AM, "Marcus (OOo)"  wrote:
>
> On 10/26/2011 11:57 PM, Peter Pöml wrote:
>
>>



>>
>> Setting up MirrorBrain would be one way, but it would require
>> replicating additional configuration (for instance, download statistics)
>> that we have built on the current download server
>> (download.services.openoffice.org).
>>
>> Another way would be to simply have a virtual machine, where we move the
>> current server to. That would cause the least effort, I guess.
>
>
> +1 this should be really our goal for now ...

...

>
>
>> Starting from scratch would mean to lose a lot of the previous work --
>> and I really mean lots, which I dare to judge because I spent a lot of
>> time with download.services.openoffice.org.
>>
>> On the other hand, having MirrorBrain at the core of the ASF's mirror
>> system could be interesting for other projects, too. I know closer.cgi
>> but I'm sure that MirrorBrain could serve the ASF well. (Well possible
>> as an addition, rather than a replacement, for a soft transition.)
>> That might outweigh the pain of creating OOo's download service from
>> scratch in a different environment.
>
>
> ... and this the long term goal.
>
> The ASF can really benefit from this way of downloading software.
> Currently you have to choose a mirror, then change to the directory
> structure where the respective binary is located and finally download it.
>

This is not correct. I have no idea if the ASF can benefit from MirrorBrain
or not, but if your justification for such a statement is based on the above
erroneous analysis of the current mirror system then I have my concerns. I
don't want to discuss it now since you indicate this is a long term goal
(search this list's archives if you want to read more on the ASF mirror
system before bringing this to the infra team).

Ross


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Dave Fisher
Simon,

Several of the servers in *.services.oo.o will be gone this coming weekend. The 
AOOo project is focusing energy on these critical matters.

For example, the wiki and forums are being moved.

On Oct 26, 2011, at 1:26 PM, Simon Phipps wrote:

> 
> 
> On Wed, Oct 26, 2011 at 5:15 PM, Rob Weir  wrote:
> On Wed, Oct 26, 2011 at 10:48 AM, Shane Curcuru  wrote:
> 
> 
> 
> > In any case, these subjects are getting off topic for ooo-dev@, so we should
> > let the AOOo PPMC here figure out how it's going to publicize ways to report
> > security concerns to it.
> >
> 
> In parallel, it might be good for the TDF/LO members to take a week or
> so, and have a discussion on their own mailing list about how they
> could better collaborate with AOOo.  
> 
> 
> Gents, that's all worthy talk, but the subject at hand is how best to have 
> the legacy StarOffice meta-community co-ordinate on security issues in a way 
> complementary to the projects' own security mechanisms given the loss of 
> trust resulting from an earlier discussion around AOOo stewardship of the 
> existing mailing list. 
> 
> Dave pieced together a workable solution, using input from a variety of 
> people, and has been leaving the subject open for about 24 hours for 
> discussion seeking further constructive input. There has been nothing new 
> that I've seen, and I hope he will now post a [Vote] thread for what he sees 
> as the most likely consensus conclusion.

I never intended a [VOTE] thread. I was going to seek Lazy Consensus.  Next 
will be a [DISCUSS] / [PROPOSAL] thread, but it won't be before next week. When 
that does happen it will include this proposal. There are other strong opinions 
in the project. These need to be carefully included as options.

We have gained clarity on issues from the LO perspective. This includes how to 
properly address our peers.

So, please wait while the time critical *.service.oo.o issues are addressed. If 
any issues are reported we all know where the current security lists exist.

Best Regards,
Dave



Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Marcus (OOo)

On 10/27/2011 02:03 AM, Ross Gardler wrote:

Sent from my mobile device, please forgive errors and brevity.
On Oct 27, 2011 12:37 AM, "Marcus (OOo)"  wrote:


On 10/26/2011 11:57 PM, Peter Pöml wrote:









Setting up MirrorBrain would be one way, but it would require
replicating additional configuration (for instance, download statistics)
that we have built on the current download server
(download.services.openoffice.org).

Another way would be to simply have a virtual machine, where we move the
current server to. That would cause the least effort, I guess.



+1 this should be really our goal for now ...


...





Starting from scratch would mean to lose a lot of the previous work --
and I really mean lots, which I dare to judge because I spent a lot of
time with download.services.openoffice.org.

On the other hand, having MirrorBrain at the core of the ASF's mirror
system could be interesting for other projects, too. I know closer.cgi
but I'm sure that MirrorBrain could serve the ASF well. (Well possible
as an addition, rather than a replacement, for a soft transition.)
That might outweigh the pain of creating OOo's download service from
scratch in a different environment.



... and this the long term goal.

The ASF can really benefit from this way of downloading software.

Currently you have to choose a mirror, then change to the directory
structure where the respective binary is located and finally download it.




This is not correct. I have no idea if the ASF can benefit from MirrorBrain
or not, but if your justification for such a statement is based on the above
erroneous analysis of the current mirror system then I have my concerns. I


OK, that's what I've done to come to my point:
- browse to "http://www.apache.org/"
- click on "Download" top right
- choose a mirror
- change to the dir structure to your file
- now download

Is there an easier way to get software?


don't want to discuss it now since you indicate this is a long term goal
(search this list's archives if you want to read more on the ASF mirror
system before bringing this to the infra team).


Of course, first we need to clean our own home before our village is 
next. ;-)


Marcus


Re: working on a OpenOffice roadmap

2011-10-26 Thread Ross Gardler
Sent from my mobile device, please forgive errors and brevity.
On Oct 25, 2011 2:01 PM, "Shane Curcuru"  wrote:
>
> Thank you Pedro for the very well thought out and politely presented
> explanation of your point.  It's very helpful to have this kind of honest
> and detailed discussion, especially when tempers run high, and doubly so
> when there's such a clear (and unfortunate) distrust between AOOo community
> members and folks working on TDF/LO.
>

+1000

Ross


Re: working on a OpenOffice roadmap

2011-10-26 Thread Ross Gardler
I'd like to return this thread to the original topic.

Martin,

Have you any further thoughts on Shane's comments below (I'm aware there was
a response from you later in the thread but it got lost, I've come back to
this point to get close to the root of the thread and as far away as
possible from the destructive pettiness that can be found throughout the
rest of this thread)

Sent from my mobile device, please forgive errors and brevity.
On Oct 20, 2011 1:36 PM, "Shane Curcuru"  wrote:


Re: Shutdown of the "download.services.openoffice.org" host and its Mirrorbrain instance

2011-10-26 Thread Ross Gardler
Sent from my mobile device, please forgive errors and brevity.
On Oct 27, 2011 1:22 AM, "Marcus (OOo)"  wrote:
>
> On 10/27/2011 02:03 AM, Ross Gardler wrote:
>
>> Sent from my mobile device, please forgive errors and brevity.
>> On Oct 27, 2011 12:37 AM, "Marcus (OOo)"  wrote:
>>>
>>>
>>> On 10/26/2011 11:57 PM, Peter Pöml wrote:
>>>

>>
>> 
>>

>>>> Setting up MirrorBrain would be one way, but it would require
>>>> replicating additional configuration (for instance, download statistics)
>>>> that we have built on the current download server
>>>> (download.services.openoffice.org).
>>>>
>>>> Another way would be to simply have a virtual machine, where we move the
>>>> current server to. That would cause the least effort, I guess.
>>>
>>>
>>>
>>> +1 this should be really our goal for now ...
>>
>>
>> ...
>>
>>>
>>>
>>>> Starting from scratch would mean to lose a lot of the previous work --
>>>> and I really mean lots, which I dare to judge because I spent a lot of
>>>> time with download.services.openoffice.org.
>>>>
>>>> On the other hand, having MirrorBrain at the core of the ASF's mirror
>>>> system could be interesting for other projects, too. I know closer.cgi
>>>> but I'm sure that MirrorBrain could serve the ASF well. (Well possible
>>>> as an addition, rather than a replacement, for a soft transition.)
>>>> That might outweigh the pain of creating OOo's download service from
>>>> scratch in a different environment.
>>>
>>>
>>>
>>> ... and this the long term goal.
>>>
>>> The ASF can really benefit from this way of downloading software.
>>
>> Currently you have to choose a mirror, then change to the directory
>> structure where the respective binary is located and finally download it.
>>>
>>>
>>
>> This is not correct. I have no idea if the ASF can benefit from MirrorBrain
>> or not, but if your justification for such a statement is based on the above
>> erroneous analysis of the current mirror system then I have my concerns. I
>
>
> OK, that's what I've done to come to my point:
> - browse to "http://www.apache.org/"
> - click on "Download" top right
> - choose a mirror
> - change to the dir structure to your file
> - now download
>
> Is there an easier way to get software?

E.g. http://httpd.apache.org/download.cgi#apache22

It auto selects the nearest mirror and provides appropriate download links -
a single click. Want it pretty with big blue buttons? It's just HTML

This was discussed early in the AOOo podling's existence. See archives
for more.


Re: Neutral / shared security list ...

2011-10-26 Thread Peter Junge
I totally agree with Florian. Please stop this "cold 
war" fought with pointless rhetoric.


On 10/25/2011 11:56 PM, Florian Effenberger wrote:

Hello,

it is really amazing how much hot air can be produced for such a topic.

Folks, it's rather easy. After the recent discussions and the history of
this topic, it becomes obvious, that neutral grounds are important.

Neutral grounds mean:
- no domain name related to Apache, OOo, TDF or LibO
- no hosting at one of these entities
- members of the list from both parties (and of course other third
parties that make sense)
- admins of the list from both parties

I'd also avoid any of the German associations, either directly or via
donations, since stakeholders at both projects are in their respective
boards, which might raise concerns towards neutrality.

What's so complicated to understand here? We can bury ourselves with
senselessly quoting bullshit from dictionaries, wikipedia or a
philosopher of our choice, or finally start working on things.

A concrete proposal:
- We can use either FreeDesktop.org,
- or in case this is seen as non-neutral as it hosts also a few TDF
lists (not all), go for SourceForge.
- I am also happy to ask a friend of mine who is in the business of mail
server consultancy, to host that list under a neutral domain name. He
hosts various lists for free projects. In case that's not neutral enough
as he's a friend, I know none of the admins at SourceForge.

So, is there any *compelling* reason not to try out one of these three
options?

Florian





Re: [CODE] Review i118519 and i118520 - gtk quickstarter and libegg

2011-10-26 Thread Pedro Giffuni
I committed this and it's a firm advance towards
cleaning up copylefted code from the base.

Thanks Ariel!

Pedro.

--- On Tue, 10/25/11, Ariel Constenla-Haile wrote:

> Hi there,
> 
> can someone in the know of framework/gtk stuff please
> review patches attached
> to https://issues.apache.org/ooo/show_bug.cgi?id=118519
> and
> https://issues.apache.org/ooo/show_bug.cgi?id=118520
> 
> Regards
> -- 
> Ariel Constenla-Haile
> La Plata, Argentina
> 


Re: [proposal] Neutral / shared security list ...

2011-10-26 Thread Simon Phipps


On 27 Oct 2011, at 02:07, Dave Fisher wrote:

> Simon,
> 
> Several of the servers in *.services.oo.o will be gone this coming weekend. 
> The AOOo project is focusing energy on these critical matters.
> 
> For example, the wiki and forums are being moved.
> 
> On Oct 26, 2011, at 1:26 PM, Simon Phipps wrote:
> 
>> 
>> 
>> On Wed, Oct 26, 2011 at 5:15 PM, Rob Weir  wrote:
>> On Wed, Oct 26, 2011 at 10:48 AM, Shane Curcuru  
>> wrote:
>> 
>> 
>> 
>> > In any case, these subjects are getting off topic for ooo-dev@, so we 
>> > should
>> > let the AOOo PPMC here figure out how it's going to publicize ways to 
>> > report
>> > security concerns to it.
>> >
>> 
>> In parallel, it might be good for the TDF/LO members to take a week or
>> so, and have a discussion on their own mailing list about how they
>> could better collaborate with AOOo.  
>> 
>> 
>> Gents, that's all worthy talk, but the subject at hand is how best to have 
>> the legacy StarOffice meta-community co-ordinate on security issues in a way 
>> complementary to the projects' own security mechanisms given the loss of 
>> trust resulting from an earlier discussion around AOOo stewardship of the 
>> existing mailing list. 
>> 
>> Dave pieced together a workable solution, using input from a variety of 
>> people, and has been leaving the subject open for about 24 hours for 
>> discussion seeking further constructive input. There has been nothing new 
>> that I've seen, and I hope he will now post a [Vote] thread for what he sees 
>> as the most likely consensus conclusion.
> 
> I never intended a [VOTE] thread. I was going to seek Lazy Consensus.  Next 
> will be a [DISCUSS] / [PROPOSAL] thread, but it won't be before next week. 
> When that does happen it will include this proposal. There are other strong 
> opinions in the project. These need to be carefully included as options.
> 
> We have gained clarity on issues from the LO perspective. This includes how 
> to properly address our peers.
> 
> So, please wait while the time critical *.service.oo.o issues are addressed. 
> If any issues are reported we all know where the current security lists exist.

No problem, I just heard the issue being "superseded by process" - it can 
certainly wait until next week in my view.

S.