On Thu, 2014-11-06 at 16:01 +0000, Lars Kurth wrote: > On 5 Nov 2014, at 11:17, Ian Campbell <ian.campb...@citrix.com> wrote: > > > On Fri, 2014-10-31 at 15:40 -0700, Matt Wilson wrote: > >> I think that we should reduce any burden on the security team by > >> making this a community decision that is discussed in public, rather > >> than something that is handled exclusively in a closed manner as it is > >> today. This way others who are active community participants can help > >> with the decision making process can do the investigation and weigh in > >> on the risk/benefit tradeoff to the security process and the > >> project. See Message-ID: > >> <20141021143053.ga22...@u109add4315675089e695.ant.amazon.com> > >> or [1] if you are willing to visit a URL. ;-) > >> > >> There's been a bit of talk about "delay" and so on. I'd rather not set > >> expectations on how long the processing a petition to be added to the > >> predisclosure list should take. Building community consensus takes > >> time, just as it does for > > > > I think regardless of who is processing the applications what is more > > important is to have a concrete set of *objective* criteria. Anyone who > > demonstrates that they meet those criteria must be allowed to join. > > I don't think that having applications discussed and processed on a > dedicated public list and objective criteria are mutually exclusive.
I didn't say otherwise. In fact I said the opposite. My concern was about the criteria being objective and not subjective, regardless of who is processing them. Nobody should be doing a "risk/benefit tradeoff to the security process and the project" when processing an application. They should be going through a list ticking boxes to show that the applicant has(n't) met various criteria. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
