On 12/7/2017 4:20 PM, John Hardin wrote:
> I was more thinking about coverage for people who aren't using KAM.cf, but your comment about needing enough examples in the masscheck corpus to promote and score the rule is relevant - perhaps it is important enough to add as a base header rule, rather than through ruleqa sandboxes?
It's a hurdle. As a release artifact, it falls under ASF voting rules and the 3 +1's, 72 hours, etc. But I agree that we've overcome that hurdle and have mechanisms that people are ok with publishing automated as long as it passed ruleqa. That is too slow for me so KAM.cf allowed me to publish unilaterally without the delays from the normal voting or automated mechanisms.
Perhaps we can discuss some sort of C-T-R where people can add a flag to sa-update and get a dev channel. The dev channel gets all rules before masscheck. Not sure if that will cause more issues with other rules that are not as production ready as mine since mine are tested in live production before publishing.
Or we could consider a motion to publish KAM.cf with the sa-signing key but require people to add a channel to their sa-update command line. That's a minor change in lift to save adding the GPG key but a small help nonetheless.
In the end, it goes a bit back to the difference of opinion on what the SA project provides. To me, we provide a framework and proof of concept rules NOT a fully functional drop-in installation. With KAM.cf, I believe it's much closer to a drop-in installation. I'm happy to support it but we have to have a mechanism that A) doesn't arbitrarily fail to promote the rules, B) is faster than 1 hour and C) doesn't egregiously ignore the Apache Way.
Regards, KAM