Date:   Tue, 20 Jun 2023 13:50:21 +1000 (AEST)
From:   Finn Thain <fthain@...ux-m68k.org>
To:     James Bottomley <James.Bottomley@...senPartnership.com>
cc:     corbet@....net, dan.j.williams@...el.com,
        gregkh@...uxfoundation.org, keescook@...omium.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        tech-board-discuss@...ts.linux-foundation.org, tytso@....edu
Subject: Re: [PATCH] Documentation: Linux Contribution Maturity Model and
 the wider community

On Mon, 19 Jun 2023, James Bottomley wrote:

> On Mon, Jun 19, 2023 at 07:41:57PM +1000, Finn Thain wrote:
> > The Linux Contribution Maturity Model methodology is notionally based 
> > on the Open source Maturity Model (OMM) which was in turn based on the 
> > Capability Maturity Model Integration (CMMI).
> > 
> > According to Petrinja et al., the goal of the OMM was to extend the 
> > CMMI so as to be useful both for companies and for communities [1][2].  
> > However, the Linux Contribution Maturity Model considers only 
> > companies and businesses.
> 
> That's not a correct characterization.  The model is designed to measure 
> and be useful to businesses, but it definitely considers the community 
> because its progress is built around being more useful to and working 
> more effectively with the community.
> 

You're right, the characterization I gave does exaggerate the bias. I 
shall moderate that if I resubmit the patch.

> > This patch addresses this bias as it could hinder collaboration with 
> > not-for-profit organisations and individuals, which would be a loss to 
> > any stakeholder.
> 
> I don't really think changing 'Businesses' to 'Organizations' entirely 
> addresses what you claim is the bias because individuals would still be 
> excluded from the term 'Organizations'.  I also don't really think it 
> matters.  Part of the reason this whole thing doesn't matter is that 
> sometimes people do know who a contributor they work with works for, but 
> most of the time they don't.

This is not just about patches, it's also about incentives and influence.

> If you really want this to be inclusive, you could change it to 'other 
> contributors' but I'm still not sure it's worth it.
> 
> > 
> > Level 5 is amended to remove the invitation to exercise the same bias
> > i.e. employees rewarded indirectly by other companies.
> 
> I also wouldn't remove the bit about seeking upstream feedback on
> employees; I know from personal experience it happens a lot.
> 

If it happens a lot already, why compel employers to seek it?

It's worth noting that the model compels employers to seek "community 
member feedback" which is not the same as the "upstream feedback" that you 
describe.
