| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2023061946-latitude-negligent-e4ae@gregkh>
Date: Mon, 19 Jun 2023 11:55:29 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: Finn Thain <fthain@...ux-m68k.org>
Cc: Jonathan Corbet <corbet@....net>,
tech-board-discuss@...ts.linux-foundation.org,
Theodore Ts'o <tytso@....edu>,
Kees Cook <keescook@...omium.org>,
Dan Williams <dan.j.williams@...el.com>,
linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Documentation: Linux Contribution Maturity Model and the
wider community
On Mon, Jun 19, 2023 at 07:41:57PM +1000, Finn Thain wrote:
> The Linux Contribution Maturity Model methodology is notionally based on
> the Open source Maturity Model (OMM) which was in turn based on the
> Capability Maturity Model Integration (CMMI).
>
> According to Petrinja et al., the goal of the OMM was to extend the CMMI
> so as to be useful both for companies and for communities [1][2]. However,
> the Linux Contribution Maturity Model considers only companies and
> businesses.
>
> This patch addresses this bias as it could hinder collaboration with
> not-for-profit organisations and individuals, which would be a loss to
> any stakeholder.
>
> Level 5 is amended to remove the invitation to exercise the same bias
> i.e. employees rewarded indirectly by other companies.
>
> [1] Petrinja, E., Nambakam, R., Sillitti, A.: Introducing the
> OpenSource Maturity Model. In: 2nd Emerging Trends in FLOSS Research
> and Development Workshop at ICSE 2009, Vancouver, BC, Canada (2009)
>
> [2] Wittmann, M., Nambakam, R.: Qualipso Deliverable A6.D1.6.3
> CMM-like model for OSS.
>
> Cc: Theodore Ts'o <tytso@....edu>
> Cc: Kees Cook <keescook@...omium.org>
> Cc: Dan Williams <dan.j.williams@...el.com>
> Signed-off-by: Finn Thain <fthain@...ux-m68k.org>
> ---
> Documentation/process/contribution-maturity-model.rst | 9 ++++-----
> 1 file changed, 4 insertions(+), 5 deletions(-)
>
> diff --git a/Documentation/process/contribution-maturity-model.rst b/Documentation/process/contribution-maturity-model.rst
> index b87ab34de22c..863a2e4c22e2 100644
> --- a/Documentation/process/contribution-maturity-model.rst
> +++ b/Documentation/process/contribution-maturity-model.rst
> @@ -62,8 +62,8 @@ Level 3
> =======
>
> * Software Engineers are expected to review patches (including patches
> - authored by engineers from other companies) as part of their job
> - responsibilities
> + authored by contributors from outside of the organization) as part of
> + their job responsibilities
This is fine, but:
> * Contributing presentations or papers to Linux-related or academic
> conferences (such those organized by the Linux Foundation, Usenix,
> ACM, etc.), are considered part of an engineer’s work.
> @@ -103,7 +103,6 @@ Level 5
>
> * Upstream kernel development is considered a formal job position, with
> at least a third of the engineer’s time spent doing Upstream Work.
> -* Organizations will actively seek out community member feedback as a
> - factor in official performance reviews.
Why are you removing this? I write more performance reviews now than I
have have in my life, all for companies that I do NOT work for. That's
a good thing as it shows these orginizations value the feedback of the
community as a reflection on how well those employees are doing at their
assigned job. Why are you removing that very valid thing?
> * Organizations will regularly report internally on the ratio of
> - Upstream Work to work focused on directly pursuing business goals.
> + Upstream Work to work focused on directly pursuing the organisation's
This is a good change.
thanks,
greg k-h
Powered by blists - more mailing lists