Message-ID: <dfabf8b10d3e825c9a7f6c110e042dc72e50217d.camel@hammerspace.com>
Date:   Sat, 20 Oct 2018 18:45:27 +0000
From:   Trond Myklebust <trondmy@...merspace.com>
To:     "gnomes@...rguk.ukuu.org.uk" <gnomes@...rguk.ukuu.org.uk>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>
CC:     "mishi@...ux.com" <mishi@...ux.com>,
        "ksummit-discuss@...ts.linuxfoundation.org" 
        <ksummit-discuss@...ts.linuxfoundation.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [Ksummit-discuss] [PATCH 6/7] Code of Conduct: Change the contact
 email address

On Sat, 2018-10-20 at 19:28 +0100, Alan Cox wrote:
> > +to the circumstances. The Code of Conduct Committee is obligated
> > to
> > +maintain confidentiality with regard to the reporter of an
> > incident.
> > +Further details of specific enforcement policies may be posted
> > +separately.
> 
> Unfortunately by ignoring the other suggestions on this you've left this
> bit broken.
> 
> The committee can't keep most stuff confidential so it's misleading and
> wrong to imply they can. Data protection law, reporting laws in some
> countries and the like mean that anyone expecting an incident to remain
> confidential from the person it was reported against is living in
> dreamland and is going to get a nasty shock.
> 
> At the very least it should say '(except where required by law)'.
> 
> There is a separate issue that serious things should always go to law
> enforcement - you are setting up a policy akin to the one that got the
> Catholic Church and many others in trouble.
> 
> You should also be reserving the right to report serious incidents
> directly to law enforcement. Unless of course you want to be forced to
> sit on multiple reports of physical abuse from different people about
> someone - unable to tell them about each other's report, unable to prove
> anything, and in twenty years' time having to explain to the media why
> nothing was done.
> 

...and then you get into questions about how this committee will
respond to queries from said law enforcement, and indeed to which legal
systems the committee will or will not report incidents.

Why would we want to be going down the path of trying to handle reports
about "serious incidents" in the first place? That seems way out of
scope for a code of conduct arbitration scheme. Even attempting to
counsel people as to whether or not they should report incidents can
get you in trouble in many parts of the world.

-- 
Trond Myklebust
Linux NFS client maintainer, Hammerspace
trond.myklebust@...merspace.com

