On Apr 12, 2012, at 1:00 PM, Dennis E. Hamilton wrote: > Yes, this was already raised on the PPMC (on March 22) as you know. It seems > to me that the PPMC is not concerned. > > It is interesting that it is thought, here, that the remedy is to add more > ooo-security subscribers from the PPMC. That had not come up before.
Well I did raise it on ooo-private. My suggestion was to add someone who understood Linux distributions to ooo-security ASAP. I got blowback. This was unfortunate. Since then we've had discussions about culture, politeness and apologies. There was some discussion about OpenOffice and Linux distro on ooo-dev, but more in context of the AOO release plans. My frustration about not being informed was that no one gave even the slightest notice OFFLIST that there was a reason that certain people were asking the project questions and that things were not as I thought and I should move on and let the world revolve. This is particularly true since I responding with what I had every reason to believe was the project policy. Emotions pass. What's the root cause? It's a communication problem, why was communication blocked? If there are individuals on a PPMC that the podling security team and Mentors feel are not trustworthy enough that it is decided to forgo the minimal courtesy of keeping the PPMC informed to manage the process as Dennis described then perhaps the problem is with the PPMC membership itself. Normally a podling will set the PMC as part the graduation resolution. Perhaps the AOO PPMC membership needs to be revised sooner. Any advice? Regards, Dave > > - Dennis > > -----Original Message----- > From: Ross Gardler [mailto:rgard...@opendirective.com] > Sent: Thursday, April 12, 2012 12:41 > To: general@incubator.apache.org; dennis.hamil...@acm.org > Subject: Re: Extraordinary OpenOffice security patch (Was: [Incubator Wiki] > Update of "April2012" by robweir) > > On 12 April 2012 17:32, Dennis E. Hamilton <dennis.hamil...@acm.org> wrote: >> I don't think the problem is with the size of the ooo-security list >> membership. I think it is in the assumption that the [P]PMC has somehow >> delegated the ability to make a release of any kind to the ooo-security >> team. I don't mean slip-streaming fixes and working off the public SVN >> until that happens. I mean developing and deploying all the rest of what >> accompanies an advisory along with provision of a mitigation. >> > > Whether this is the case or not should be discussed on the ooo-dev > lists rather than the IPMC general list. This is not an IPMC issue. > All IPMC members are free to join that list or read its archives if > they so desire. > > Ross > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org > For additional commands, e-mail: general-h...@incubator.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: general-unsubscr...@incubator.apache.org For additional commands, e-mail: general-h...@incubator.apache.org
