lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAKON4OzrMCOdsDy3+NNah=QiqJ+QurjT2br63yV=6Gu+gvUZfg@mail.gmail.com>
Date:   Fri, 28 Sep 2018 15:38:37 -0400
From:   "jonsmirl@...il.com" <jonsmirl@...il.com>
To:     gnomes@...rguk.ukuu.org.uk
Cc:     bernd@...rovitsch.priv.at,
        Mark Rosenblitt-Janssen <dreamingforward@...il.com>,
        Theodore Tso <tytso@....edu>, fche@...hat.com,
        Rik van Riel <riel@...riel.com>,
        Edward Cree <ec429@...tab.net>,
        Olof Johansson <olof@...om.net>,
        Jonathan Corbet <corbet@....net>,
        lkml <linux-kernel@...r.kernel.org>
Subject: Re: Code of Conduct: Let's revamp it.

On Fri, Sep 28, 2018 at 11:56 AM Alan Cox <gnomes@...rguk.ukuu.org.uk> wrote:
>
> > Well, then I have to repeat myself: Signed-off source code (in form of
> > patches) in a well-known programming language for a (nowadays)
> > well-known GPLv2 licensed project mailed on "everyone can subscribe"
> > mailinglists, (thus) to be found in several $SEARCH_ENGINE-indexed
> > mailinglist archives, if accepted to be found in lots of publicly
> > accessible git repos can be not intended to be published?
> >
> > I wonder what else must happen.
>
> There is a bigger problem in the ambiguity.

Alan, I think there is much wisdom in the Linux community writing
their own CoC. This CoC would go through the same RFC process that any
kernel commit goes through and be discussed on LKML.  I fully expect
this CoC would contain many of the concepts from Contributors Covenant
but as an independently developed document it would not bring external
baggage into the community. The kernel community is full of very smart
people and has access to fine lawyers. Developing a Linux specific CoC
that expresses the community's views, is compatible with laws in the
varied countries and which respects the GPL is a worthy goal.


>
> It's easy to deal with signed off by lines because I had the sense to
> make sure that the DCO covered us for EU data protection and thus it's
> explicit.
>
> It's relatively easy to deal with the case of 'I contributed some code'.
>
> It's really not at all obvious what happens with 'I got some code from
> another project that contains it's authors name'.
>
> The wording IMHO just needs tightening up - and that's a useful
> discussion that ought to he bad. I tihnk everyone understands the *inent*
> of such wording - don't go around doxing people, or posting their home
> address on facebook and calling for people to attend with pitchforks.
>
> There's a second related area that needs sorting out in wording which is
> the implication of any kind of privacy in a complaint - which is really
> bad in two ways
>
> As it is set up now the tab is not a lawyer so the tab could not claim
> any kind of legal privilege. That means in the event of a complaint the
> tab would be powerless not to release almost all the info in the
> complaint if hit by a data protectin request in many jurisdictions. Sure
> they'd have to (and be required to) remove some of the information that
> might identify the complainant.
>
> Secondly one thing that we've learned repeatedly (and notably from the
> church scandals) is that there are some complaints that should upon
> receipt be handed directly to law enforcement, but there is no carve out
> for this.
>
> The other issue is that whoever handles any complaint system needs a
> budget and lawyers because they will potentially have to field judicial
> reviews and other challenges. That means the TAB needs to have
> exemplary record keeping and process because anyone who stands up in a
> legal challenge and says 'Umm.. we read it and talked about it and kind
> of decided X but I don't remember why and there are no minutes and there
> is on process document' is going to get fried. Someone needs to have that
> process in place well in advance.
>
> Alan



-- 
Jon Smirl
jonsmirl@...il.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ