incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Fisher <>
Subject Re: Extraordinary OpenOffice security patch (Was: [Incubator Wiki] Update of "April2012" by robweir)
Date Thu, 12 Apr 2012 06:48:05 GMT

On Apr 11, 2012, at 10:43 PM, William A. Rowe Jr. wrote:

> On 4/11/2012 2:36 PM, Jukka Zitting wrote:
>> It should be noted though that even though the /dist/incubator/ooo
>> space was used to distribute these patches, they were and are not
>> officially blessed by the Incubator PMC on behalf of the ASF.
>> Should a similar case arise in the future, I'd prefer if a clearly
>> separate area under /dist or some other place was used to prevent
>> confusing these with official Apache releases.
> Short of people.a.o/~luser/my-patch.tgz, I'm fairly certain that
> can't happen with an incubating podling.  Everything under the space
> /dist/ must exist under a PMC.  And if AOOo ever does on a broad
> security patch distribution, inflicting that traffic on people.a.o,
> infra will be taking names and kicking asses.
> As chair, you should have been brought into this loop, but with the
> change from Noel I can see how this oversight happened.  Sorry about
> that.  It's probably another example why the current infrastructure
> schema simply isn't plausible.

As a member of the IPMC and also the AOO PPMC I was not very happy with the way this was held
close ny a few mentors and ooo-security members. I made claims on ooo-dev that we weren't
going to patch when others knew perfectly well that we were, It was truly crazy time. I think
that certain people erred on the side of not trusting trustworthy people. That is extremely
unfortunate. I know that I was made to feel I wasted my precious time due to this secrecy.
I think it was wrong. The "inner circle" failed to properly consider Linux users when many
of the PPMC were well within that rank. There were significantly false assumptions about the
user base  impact that were perpetuated by the secrecy that surrounded this patch,

The "inner circle" that did this felt they had no choice but to exclude the PPMC from their
consideration. I know that this damaged my interaction with the project, I still feel very
much untrusted.

Sorry, I can't remain mute, but I offended anyone, sorry, but this was wrongly done. I don't
know a better way....


> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message