Date:   Tue, 20 Jun 2023 13:48:59 +1000 (AEST)
From:   Finn Thain <fthain@...ux-m68k.org>
To:     Greg Kroah-Hartman <gregkh@...uxfoundation.org>
cc:     Jonathan Corbet <corbet@....net>,
        tech-board-discuss@...ts.linux-foundation.org,
        Theodore Ts'o <tytso@....edu>,
        Kees Cook <keescook@...omium.org>,
        Dan Williams <dan.j.williams@...el.com>,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Documentation: Linux Contribution Maturity Model and
 the wider community


On Mon, 19 Jun 2023, Greg Kroah-Hartman wrote:

> On Mon, Jun 19, 2023 at 07:41:57PM +1000, Finn Thain wrote:

> > @@ -103,7 +103,6 @@ Level 5
> >  
> >  * Upstream kernel development is considered a formal job position, with
> >    at least a third of the engineer’s time spent doing Upstream Work.
> > -* Organizations will actively seek out community member feedback as a
> > -  factor in official performance reviews.
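
Review bot: the two removed lines under Level 5 delete the community-feedback bullet outright, and nothing in the lines quoted here says why or what takes its place. If the objection is to organizations choosing whom they solicit feedback from, reword the bullet to say that rather than dropping it, and state the rationale in the commit message so readers of the document history can follow the change.
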
> 
> Why are you removing this?  I write more performance reviews now than I 
> have in my life, all for companies that I do NOT work for.  That's 
> a good thing as it shows these organizations value the feedback of the 
> community as a reflection on how well those employees are doing at their 
> assigned job.  Why are you removing that very valid thing?
> 

I'm not preventing that. That's covered by level 4 and my patch only 
alters level 3 and level 5.

Bonuses and salaries are tied to performance reviews so the hazard here 
is clear. Level 5 compels companies to seek feedback and naturally they 
will seek it from companies who share their goals. You ask too much of 
employees if you expect them to put aside the corporate agendas and pursue 
the interests of the wider community.

Countless lawsuits over the last few decades made it abundantly clear that 
the goals of companies often diverge from those of the wider FLOSS 
community.

Consider all of the open source code thrown over the wall, the binary 
blobs, the binary modules, the built-in obsolescence, the devices shipped 
with vulnerabilities now reduced to e-waste because they cannot be fixed, 
the vendor lock-in strategies, the walled gardens, the surveillance etc.

To my jaded mind, it is obvious that such reprehensible strategies can be 
advanced by co-operative employees given inducements from colluding 
companies. My patch won't prevent this sort of behaviour but it does 
remove a directive that would help facilitate it.

Greg, if you want to see more performance reviews, the maturity model 
could compel companies to provide unsolicited feedback, instead of seeking it 
from an arbitrary source. Would you be amenable to a revised patch along 
those lines?
