lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <e78eef83a50a558aae765baafcf9c571788a02a5.camel@HansenPartnership.com>
Date:   Mon, 19 Jun 2023 07:32:50 -0400
From:   James Bottomley <James.Bottomley@...senPartnership.com>
To:     fthain@...ux-m68k.org
Cc:     corbet@....net, dan.j.williams@...el.com,
        gregkh@...uxfoundation.org, keescook@...omium.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        tech-board-discuss@...ts.linux-foundation.org, tytso@....edu
Subject: Re: [PATCH] Documentation: Linux Contribution Maturity Model and
 the wider community


On Mon, Jun 19, 2023 at 07:41:57PM +1000, Finn Thain wrote:
> The Linux Contribution Maturity Model methodology is notionally based
> on the Open source Maturity Model (OMM) which was in turn based on
> the Capability Maturity Model Integration (CMMI).
> 
> According to Petrinja et al., the goal of the OMM was to extend the
> CMMI so as to be useful both for companies and for communities
> [1][2].  However, the Linux Contribution Maturity Model considers
> only companies and businesses.

That's not a correct characterization.  The model is designed to
measure and be useful to businesses, but it definitely considers the
community because it's progress is built around being more useful to
and working more effectively with the community.

> This patch addresses this bias as it could hinder collaboration with
> not-for-profit organisations and individuals, which would be a loss
> to any stakeholder.

I don't really think changing 'Businesses' to 'Organizations' entirely
addresses what you claim is the bias because individuals would still be
excluded from the term 'Organizations'.  I also don't really think it
matters.  Part of the reason this whole thing doesn't matter is that
sometimes people do know who a contributor they work with works for,
but most of the time they don't.  If you really want this to be
inclusive, you could change it to 'other contributors' but I'm still
not sure it's worth it.

> 
> Level 5 is amended to remove the invitation to exercise the same bias
> i.e. employees rewarded indirectly by other companies.

I also wouldn't remove the bit about seeking upstream feedback on
employees; I know from personal experience it happens a lot.

Regards,

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ