On 10/27/20 5:20 AM, Eliot Lear wrote:
Hi Roman and thanks for the feedback. Just on this point…
On 27 Oct 2020, at 12:56, Roman Danyliw <rdd@xxxxxxxx> wrote:
[Roman] The text proposed for the vulnerability reporting web page is longer (and more complex and certainly not KISS), but significantly less ambitious than yours in scope. It appear that your concise text would redefine the IETF culture and process about handling a certain class of information. That’s a big step that would require a comprehensive discussion and deliberate consensus process around it. What’s being proposed instead is an initial outreach step with a “Tao of the IETF”-style prose which explains the as-is process to an IETF newcomer on reporting vulnerability information – almost no new process/culture invented (there will be a new email alias which will act as a final catch all).
I certainly didn’t set out to change culture OR process. How do you think I’ve done that? Perhaps it sounded as if the mailing list is intended to gate keep? Certainly not what I had in mind. Just to route. All the usual processes would still apply to what happens next, and the routing function should not be lossy.
So coming in here a bit late, but isn't the basic problem is that working groups don't want to hear criticism or take it seriously? So if you figure out problems with the protocol it's pushing on string at best and snarl inducing at worst. It would be great if working groups were receptive to issues, but there is every incentive to ignore or ridicule problems. And then of course there is the problem that there may not be a working group anymore.
Mike, who has experienced this repeatedly
