lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20241027011422.GA3842351@mit.edu>
Date: Sat, 26 Oct 2024 21:14:22 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Jiaxun Yang <jiaxun.yang@...goat.com>
Cc: linux-kernel@...r.kernel.org, conduct@...nel.org, security@...nel.org,
        cve@...nel.org, linux-doc@...r.kernel.org,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>, shuah@...nel.org,
        lee@...nel.org, sashal@...nel.org, Jonathan Corbet <corbet@....net>
Subject: Re: Concerns over transparency of informal kernel groups

On Sat, Oct 26, 2024 at 05:33:16PM +0100, Jiaxun Yang wrote:
> That being said, I'll try to improve the documentation on these things
> based on my observations. My background perhaps makes me particularly
> sensitive to some ambiguous language, especially where "constructive
> ambiguity" might be involved. Recent events make me started to look
> into those aspects in border community.

Well, make no mistake, there *is* a lot of ambiguity, because we don't
really have a centralized governance structure other than Linus has
the benvelent dictator.  The general philosophy is to have just as
much structure as necessary, but no more.  We do need to have a legal
organization to sign contracts with hotels, caterers, etc., for the
purposes of organizing conferences.  That is one of the roles of the
Linux Foundation.  But just because the Linux Foundation organizes
conferences, and accepts corporate donations, and pays Linus's salary,
*doesn't* mean that they get to dictate to Linus what he does, or
anything about what code does or doesn't get accepted into the Linux
kernel.  As Jim Zemlin, the Executive Director of the Linux Foundation
has been known to have said, he works for Linus, and not the other way
around.

This is not the only way to organize an open source project, of
course.  For example, the Rust community has a lot more structure
process.  I will note that this has not reduced the amount of
organizational drama and contrversy.  In fact, some might argue that
their governance structures may have caused some of the more recent
drama that lead to some people stepping down from official leadership
roles....

Or you can take a look at some of the BSD projects, which early on had
a lot of drama and some of the BSD forks based on who was officiallty
part of the core team, and who wasn't (or who was thrown off of the
core team).  It's perhaps because of that drama in the early 90's that
some of us who were around during that era rather consciously rejected
the formation of anything like the BSD formal core team model, because
we saw the dysfunction that could result from it.

There are limits to the informal model, of course.  One of the ways
that we have tried to make it scale is that there is great value in
making sure that the kernel developers have face time with each other.
It's one of the reasons why I organized the Linux Kernel Summit, which
later morphed into the Maintainer's Summit.  It's why there are many
people who spend a huge amount of time organizing the Linux Plumbers
Conference and other workshops, whether it's the Linux Security
Symposium, or the Linux Storage, File Systems, and MM workshop, or
Netconf.  The ability for us to see each other face to face, and break
bread together, makes the human relationships real in a way that
avoids e-mail conversations alone can turning into flame wars.

More recently, some subsystem teams have started regular video chats.
They aren't a substitute for in-person meetings, but they still are
valuable in terms of having that higher bandwidth conversation where
the non-verbal cues can humanize the personal connection.

Of course, like all things, there are tradeoff and limitations.
Attendance at in-person meetings can be hampered by real-world
considerations such as the cost of travel, or the need to get travel
visas, or for people for whom English is not their primary language,
they might be able to use Google Translate for e-mail, but that
doesn't work that well for in-person meetings or video conferences.
Some of these can be mitigated; the Linux Foundation has a travel
scholarship fund for people who can't get corporate sponsorship for
their travel, and many conferences now have a hybrid option for people
who can't attend in person for whatever reason.  But the language
barrier can still be an issue for some.  Maybe someday we will have
something like Star Trek's universal translator...

The bottom line, though, that any organization is made up of *people*,
and so there is no substitute for personal relationships and trust.
If you don't have that, I doubt any amount of organizational structure
can save you, and in fact, to the extent that some people might try to
game the formal rules/structure, it might actually make things worse.

Cheers,

					- Ted

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ