On 07/28/2011 08:42 PM, Jens-Heiner Rechtien wrote:
But, frankly, I can't see the need of having the CVS stuff at hand. It's
very hard to make sense of this historical data anyway, at least if you
haven't got a decade of OOo developer knowledge under the belt.
It's true that the conversion was
Shane Curcuru wrote on Thu, Jul 28, 2011 at 22:34:53 -0400:
Note that I would also recommend emailing security@ after you have a
basic proposed plan to get advice, and to strongly consider
following any advice you get. They and some of the other major
Apache projects, like Tomcat, Subversion,
It seems there is some kind of subtext here, but it is so obtuse that I have
no idea what is going on.
So: was my short reply useful, or not?
And note that my reply was also given as an augment to Rob's link to source
header application.
Dennis: be clear; *what* are you trying to say? I cannot
I Just noticed that I'm signed up as moderator for the ooo-security
list as robw...@apache.org. This appears to allow me to receive
message (the forwarding works) but does not allow me to issue list
commands. The list manager does not appear to use mailAlias.txt to
resolve my other addresses,
On Fri, Jul 29, 2011 at 3:49 AM, Daniel Shahaf d...@daniel.shahaf.name wrote:
Shane Curcuru wrote on Thu, Jul 28, 2011 at 22:34:53 -0400:
Note that I would also recommend emailing security@ after you have a
basic proposed plan to get advice, and to strongly consider
following any advice you
-Original Message-
From: Rob Weir [mailto:apa...@robweir.com]
Sent: Friday, 29 July 2011 11:48 PM
To: ooo-dev@incubator.apache.org
Subject: Mailing list moderation question
I Just noticed that I'm signed up as moderator for the ooo-security list as
robw...@apache.org. This
Hi Malte,
Malte Timmermann wrote on 2011-07-29 14:56:
I really disagree to add all the members from OOo and LibO to the AOOo
security list.
well, that's sad to hear, but I guess nobody cares at all, so I won't
elaborate any further on this.
This was the same with OOo/LibO: You didn't add
that sould read:
That could be a basis for cooperation, are now revoked...
Florian Effenberger wrote on 2011-07-29 16:37:
No problem. It's not about me, I just find it sad that things that
worked out so very well in the past, and that could be a basis
cooperation, are no revoked by your side.
On Fri, Jul 29, 2011 at 10:37 AM, Florian Effenberger
flo...@documentfoundation.org wrote:
Hi Malte,
Malte Timmermann wrote on 2011-07-29 14:56:
I really disagree to add all the members from OOo and LibO to the AOOo
security list.
well, that's sad to hear, but I guess nobody cares at all,
On Fri, Jul 29, 2011 at 10:58 AM, Florian Effenberger
flo...@documentfoundation.org wrote:
Hi,
Rob Weir wrote on 2011-07-29 16:49:
What did you think of Simon's idea of having a discussion list,
perhaps outside of Apache, where interested parties could discuss
issues related to the security
On 28.07.2011 12:37, Eike Rathke wrote:
Hi Greg,
On Thursday, 2011-07-28 00:41:40 -0400, Greg Stein wrote:
1) import just the OOO340 tip into svn
2) move all the Hg repositories over to apache-extras.org. That
supports Hg and it supports any OSI license. We can indefinitely
retain history
On Fri, Jul 29, 2011 at 10:48 AM, Rob Weir apa...@robweir.com wrote:
On Fri, Jul 29, 2011 at 10:58 AM, Florian Effenberger
flo...@documentfoundation.org wrote:
Hi,
Rob Weir wrote on 2011-07-29 16:49:
What did you think of Simon's idea of having a discussion list,
perhaps outside of Apache,
On Fri, Jul 29, 2011 at 12:26 PM, Norbert Thiebaud nthieb...@gmail.com wrote:
On Fri, Jul 29, 2011 at 10:48 AM, Rob Weir apa...@robweir.com wrote:
On Fri, Jul 29, 2011 at 10:58 AM, Florian Effenberger
flo...@documentfoundation.org wrote:
Hi,
Rob Weir wrote on 2011-07-29 16:49:
What did you
--- On Fri, 7/29/11, Norbert Thiebaud nthieb...@gmail.com wrote:
...
So let me use a analogy to illustrate why I though that was
a sarcasm:
to me, Rob's paragraph read as:
The offer remain open: If any gay person want to marry, we
will gladly recognize that marriage, as long as they
On Fri, Jul 29, 2011 at 11:58 AM, Dave Fisher dave2w...@comcast.net wrote:
On Jul 29, 2011, at 9:26 AM, Norbert Thiebaud wrote:
On Fri, Jul 29, 2011 at 10:48 AM, Rob Weir apa...@robweir.com wrote:
On Fri, Jul 29, 2011 at 10:58 AM, Florian Effenberger
flo...@documentfoundation.org wrote:
...something constructive...
I am already a security expert, but I did not join up with LibO sec
list/committee, yet - I was busy with some other stuff.
I am already on the PPMC, and my committer's iCLA is already on file...
Self-submit to be on the ooo sec list.
Wolf
P.S. Email is almost the
On Fri, Jul 29, 2011 at 1:48 PM, Pedro F. Giffuni giffu...@tutopia.com wrote:
--- On Fri, 7/29/11, Norbert Thiebaud nthieb...@gmail.com wrote:
...
So let me use a analogy to illustrate why I though that was
a sarcasm:
to me, Rob's paragraph read as:
The offer remain open: If any gay
On Jul 29, 2011, at 12:33 PM, Norbert Thiebaud wrote:
On Fri, Jul 29, 2011 at 1:48 PM, Pedro F. Giffuni giffu...@tutopia.com
wrote:
--- On Fri, 7/29/11, Norbert Thiebaud nthieb...@gmail.com wrote:
...
So let me use a analogy to illustrate why I though that was
a sarcasm:
to me,
On Fri, Jul 29, 2011 at 2:04 PM, Dave Fisher dave2w...@comcast.net wrote:
Let's stop misinterpreting and offending each other and find a way to
co-operate.
Several possibilities have been discussed.
(1) A private list of experts that will be contacted as needed by
ooo-security. Maybe
Pavel Janík wrote on Fri, Jul 29, 2011 at 19:55:04 +0200:
On Jul 29, 2011, at 7:49 PM, Norbert Thiebaud wrote:
PS: why o why would signing an iCLA be a requirement to be a project
security liaison ? it's like asking that any ambassador be naturalized
citizen of the country he is in post
We are in a very fledgling situation here. Let's see if we can clear up a few
things.
Here is my understanding of the situation as it exists at the moment.
- Dennis
1. The ooo-security@i.a.o list is private and moderated. Anyone can send a
message to the list. The three current
--- On Fri, 7/29/11, Norbert Thiebaud nthieb...@gmail.com wrote:
...
ok let me use a concrete example:
Let say person A found somewhere in the code something
like
printf( s_usingText );
where there is a risk that s_usingText is not sanitized...
let's say person A notify this
Yes, this is a great approach (and one I believe has been suggested in
essence already).
The point is that ooo-security@ is comprised only of trusted and
knowledgeable Apache OOo committers - because it is the responsibility
of Apache OOo committers (and really the PPMC) to ensure the
Dave Fisher wrote on Fri, Jul 29, 2011 at 12:04:44 -0700:
Let's stop misinterpreting and offending each other and find a way to
co-operate.
Several possibilities have been discussed.
(1) A private list of experts that will be contacted as needed by
ooo-security. Maybe this should be
Dennis E. Hamilton wrote on Fri, Jul 29, 2011 at 13:28:01 -0700:
We are in a very fledgling situation here. Let's see if we can clear up a
few things.
Here is my understanding of the situation as it exists at the moment.
- Dennis
1. The ooo-security@i.a.o list is private and
On Fri, Jul 29, 2011 at 4:28 PM, Dennis E. Hamilton orc...@apache.org wrote:
We are in a very fledgling situation here. Let's see if we can clear up a
few things.
Here is my understanding of the situation as it exists at the moment.
- Dennis
1. The ooo-security@i.a.o list is private
Rob Weir wrote on Fri, Jul 29, 2011 at 17:05:42 -0400:
automatically cc LibreOffice and only LibreOffice
Because I was too lazy to append This is just an example, in reality
you'd have a list of other people and groups you'd CC, and that list may
or may not include TDF to my previous email.
Rob Weir wrote on Fri, Jul 29, 2011 at 16:55:06 -0400:
For example, I'm not seeing at any stage where we would bring
a summary of a reported vulnerability to the PPMC, even on the private
list.
The PPMC could, for example, be on the pre-notification list once the fix
is done.
On Fri, Jul 29, 2011 at 5:14 PM, Daniel Shahaf d...@daniel.shahaf.name wrote:
Rob Weir wrote on Fri, Jul 29, 2011 at 16:55:06 -0400:
For example, I'm not seeing at any stage where we would bring
a summary of a reported vulnerability to the PPMC, even on the private
list.
The PPMC could, for
I just sent in a test email from my work email. Please do not divulge my
employer. (Ah these corporate rules ;-)
Regards,
Dave
On Jul 29, 2011, at 2:54 PM, Dennis E. Hamilton wrote:
You're probably right. It is up to the list subscribers to know what to
ignore then.
We haven't had
It came through on the list without any intervention. Hit my spam list though,
so I tuned up my e-mail client to white-list anything addressed to that list.
- Dennis
-Original Message-
From: Dave Fisher [mailto:dave2w...@comcast.net]
Sent: Friday, July 29, 2011 15:02
To:
On Fri, Jul 29, 2011 at 6:02 PM, Dave Fisher dave2w...@comcast.net wrote:
I just sent in a test email from my work email. Please do not divulge my
employer. (Ah these corporate rules ;-)
Message arrived, no moderation note.
Regards,
Dave
On Jul 29, 2011, at 2:54 PM, Dennis E. Hamilton
Since the ooo-security list became operational, there have been a few requests
to subscribe to the list.
After the e-mail confirmation ceremony, applicants will be told, by the
mail-list robot, that the initiation of their subscription awaits approval by a
moderator.
PLEASE NOTE: UNINVITED
Geezus. You are continuing to be obtuse. I have *no* idea what you're
talking about.
On Jul 29, 2011 9:21 AM, Dennis E. Hamilton dennis.hamil...@acm.org
wrote:
Greg, your short reply was completely sufficient.
It was all I needed and it answered the question that I asked.
It was a little odd
Answered where you did ... huh? What do you mean? Where, what?
Please speak explicitly.
On Jul 29, 2011 9:56 PM, Greg Stein gst...@gmail.com wrote:
Geezus. You are continuing to be obtuse. I have *no* idea what you're
talking about.
On Jul 29, 2011 9:21 AM, Dennis E. Hamilton
35 matches
Mail list logo