Revising OpenWrt Rules
Sam Kuper
sampablokuper at posteo.net
Mon Oct 5 09:48:07 EDT 2020
On Mon, Oct 05, 2020 at 11:55:41AM +0200, Paul Oranje wrote:
> On 4 Oct 2020, Fernando Frediani wrote:
>> Nobody is going to judge in his own cause. I mentioned when having to
>> take a decision about another decision maker for example, that
>> involves other people or other institution with whom the project may
>> have some agreement.
>>
>> Transparency is good but that must not be absolute. There are
>> occasions where discussions may not be held in public due to
>> sensitive matters. Yes fairness comes before and that can be achieved
>> either way. The ones who matter most in this context are the
>> own decisionmakers and they will be involved in that.
>
> Making decisions in public does not preclude respecting the
> sensitivity of certain matters, e.g. when positions of people are
> concerned, or handling security issues. For cases as those necessarily
> information is only shared once appropriate, but outside such special
> cases the general principle should be: in public.

It seems you agree decisions should be made in public, except for two
specific topics you say should be exempt:

- positions of specific people;
- security issues.

I'm not sure why the former needs to be exempt. Suppose decisionmaker A
gets concerned decisionmaker B is abusing the community's trust.
Decisionmaker A could, on the relevant mailing list, explain their
concerns & propose a (public) vote among the decisionmakers on whether
decisionmaker B should be removed from their roster of decisionmakers.
This would afford decisionmaker B the chance to defend themselves, and
the rest of the decisionmakers (and the community) the chance to
evaluate both sides' claims and to offer additional evidence either way.

(N.B. All interpersonal disputes are contentious. Better that they be
contentious and transparent like this, than contentious and opaque.)

Re: security issues, I'm more sympathetic to your view. I realise that
responsible disclosure, whether outbound from OpenWRT to upstream, or
inbound from someone else to OpenWRT, may require fixes to be discussed
and developed privately (e.g. under embargo) before the vulnerability is
publicly disclosed.

Maybe the best solution would be to have wording a bit like this:

    Decisions must be made in public, unless they concern embargoed
    security issues (maximum embargo length: 3 months, non-renewable).

Would that be closer to satisfying your concerns? Would you like to
propose better wording?

All best,

Sam

--
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?
() ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\ file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.