Re: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/08/2020, at 12:32 PM, Randy Bush <randy@xxxxxxx> wrote:

First, just to note that as feedback comes in, a new branch is being
updated to address that feedback:

in what way was i not clear about "internet draft?"  i have a nightly
rsunk direceory of all drafts and have no desire for yet more browser
tabs.

If your friend doesn’t like email then they can always add a github
issue directly.

my friend already gave at the office.  ex ietf sec ad.  has negative
desire to see anything like an ietf mailing list again.

I agree that it would be useful to include a time commitment but we
are in an unusual position as a semi-professional/semi-volunteer
organisation and it is therefore difficult for us to make commitments
about what volunteers can do.

you seem able to make excuses quickly. :)

what you do not seem to understand that the 90 day limit is what folk
will give you.  well, the polite ones.  you can like that or not.

I’m not sure why, but you omitted my next sentence "However, combining this with your last point, it’s not unreasonable for us to commit to 90 days so I’ve added an issue to capture that".

BTW 120 days is quite common (e.g ZDI) as is 45 days which is used by many CERTs.


It would be useful if your friend could provide details of where these
don’t work in practice and suggested fixes.

have the security ADs and operational security folk helped with this?

Yes.

Jay


randy


-- 
Jay Daley
IETF Executive Director
jay@xxxxxxxx

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux