lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <9b9c034b-19b1-4f02-b7fc-3152526c82c4@app.fastmail.com>
Date: Sat, 26 Oct 2024 14:16:47 +0100
From: "Jiaxun Yang" <jiaxun.yang@...goat.com>
To: "Krzysztof Kozlowski" <krzk@...nel.org>, linux-kernel@...r.kernel.org,
 conduct@...nel.org, security@...nel.org, cve@...nel.org,
 linux-doc@...r.kernel.org, "stable@...r.kernel.org" <stable@...r.kernel.org>
Cc: "Linus Torvalds" <torvalds@...ux-foundation.org>,
 "Greg Kroah-Hartman" <gregkh@...uxfoundation.org>, shuah@...nel.org,
 lee@...nel.org, sashal@...nel.org, "Jonathan Corbet" <corbet@....net>
Subject: Re: Concerns over transparency of informal kernel groups



在2024年10月26日十月 下午12:05,Krzysztof Kozlowski写道:
>
> Oh, spread more FUD under the cloak of helping the community. Reminds me
> something, wait, how was it? zx?

I drafted this email with good will.

While I appreciate any constructive comments, this kind of unfair accusation
is unacceptable.

I'm not demanding anyone to take action, I'm just trying to be helpful.

>
>> about those informal groups. With the exception of the Linux kernel hardware security
>> team, it seems none of these groups maintain a public list of members that I can
>> easily find.
>> 
>> Upon digging into the details, I’d like to raise a few concerns and offer some thoughts
>> for further discussion:
>> 
>> - Absence of a Membership Register
>> Our community is built on mutual trust. Without knowing who comprises these groups,
>> it's understandably difficult for people to have full confidence in their work.
>
> No, you might have difficulty, not "all people" which you imply. Please
> stop creating sentences like you are speaking for others. You do not
> speak for others.

I never said "all" here, and just to quote:

"I am expressing the views of a number of people I talked to but it's not fair of me
to name them."

The same applies to this email as well. I actually did a private RFC before sending it.
Many people are unable to speak up here due to company affiliation and other concerns.

>
>> A publicly available membership list would not only foster trust but also allow us to
>> address our recognition and appreciation.
>
> Nope. For some of the groups it is very intentional to hide the
> membership. It was explained already why and should be pretty obvious.

I might be dumb in this case, do you mind giving me a pointer to the explanation?
I can draft patch to make it clear in documents.

>
[...]
>
>> 
>> - No Conflict of Interest Policy
>> Particularly in the case of the Code of Conduct Committee, there may arise situations
>> where individuals face challenging decisions involving personal connections. A conflict
>> of interest policy would provide valuable guidance in such circumstances.
>
> Feel free to propose patches instead of claiming there is problem for
> others. If you identify issue, propose a patch.

Thanks, I will. I'm just aiming to gather some feedback before proposing patches.
I also welcome patches from those more qualified than myself.

>
> Several other your replies earlier were in similar tone. I am not going
> to engage in such discussions and probably neither other people, but
> some think that silence is approval or agreement. Thus this reply. for
> me this is just FUD.

Again, I must decline to accept this sort of unfair accusation.

It's indeed not the tone I'm usually speaking on the mailing list. It ought
to be more straightforward for technical communications. However, in these
particularly challenging times, I'm striving to maintain a humble and respectful
tone whilst ensuring my views are clearly spoken. I'd be grateful for comments
expressing any dissatisfaction with my approach, but I feel that personal attack
ultimately do nothing constructive.

Thanks.
>
> Best regards,
> Krzysztof

-- 
- Jiaxun

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ