Matt Wilson writes ("Re: [Xen-devel] Security policy ambiguities - XSA-108
process post-mortem"):
> On this point in particular, back in 2012 [1] I suggested that all
> membership requests should be discussed in public on a community email
> list like xen-devel, or another email list to avoid noise. The Xen
> Project Security Team shouldn't have to evaluate petitions for
> membership while managing an embargoed issue. I brought this up again
> in 2013 [2] regarding the Coverity process.
I agree that publishing applications, and the team's responses, would
be a jolly good idea. I am 100% opposed, though, to any kind of
non-objective `community consensus' process.
Such a system would (a) be unworkable in practice, because no-one
really cares about this kind of tedious makework, and (b) at serious
risk of favouritism (or its opposite).
> This process works quite well for the distros email list, where
> requests for membership requests are discussion on oss-security (a
> public list). [...]
I don't want to criticise another community's process, but I strongly
feel that our arrangements should have broad eligibility based on
objective criteria.
Ian.
_______________________________________________
Xen-devel mailing list
[email protected]
http://lists.xen.org/xen-devel
