incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe Jr." <>
Subject Re: Extraordinary OpenOffice security patch (Was: [Incubator Wiki] Update of "April2012" by robweir)
Date Thu, 12 Apr 2012 19:59:08 GMT
On 4/12/2012 2:37 AM, Daniel Shahaf wrote:
> Dave Fisher wrote on Wed, Apr 11, 2012 at 23:48:05 -0700:
>> Sorry, I can't remain mute, but I offended anyone, sorry, but this was
>> wrongly done. I don't know a better way....
> What about expanding the membership of ooo-security@?  Currently it has
> less than 10 subscribers.

That's ideal for a start.  The security team needs to escalate actual releases
to the private@ pmc list, if not the dev@ list at some point.  Joining the
security@ list isn't the answer to missing communications to private@.

That said, does it have the right ~10 subscribers?  Are more appropriate?

It seems that about 1/3 of the httpd PMC are on httds's list, while most
every tomcat PMC member is on tomcat's list.  The global ASF security team
list is actually smaller than either, and a handful of these are likely to
be ASF officers rather than specific committee members.  [Note that the ASF
wide list is a firehose of spam, it's not a pleasant place to hang out.]

So if ooo-security grows to 20 that shouldn't be surprising at all, but it
should be deliberate and measured based on specific contributions to finding
or fixing specific security defects, over a number of years.  It's another
list where merit can be helpful in helping it grow over time.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message