Re: RFC 8252 [Process and reviews]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On 7/14/23 2:39 PM, Brian E Carpenter wrote:

Michael,
This is why I'm so concerned about why this happened and how to prevent something like this happening in the future. That's especially true when it involves security risks at a very large scale.
We have public IETF last calls, we have organized review teams, we have a published IESG agenda and announced IESG telechats, and we have substantive IESG comments and ballot positions in the datatracker. All of these are intended so that any community member can intervene right up to the point of IESG approval. Then we have a window of two months during which any community member can appeal an IESG decision.
People who are not on ietf-announce@xxxxxxxx and last-call@xxxxxxxx have chosen not to participate in these parts of the IETF process.
I really don't see what else we can do to detect and correct IESG errors. This long after the event, there is no process recourse, but a new BCP is always an option. Have you written a draft?
Brian. I am reminded about the DNS race condition problem. It made it past last call probably 30 years ago. What you seem to be saying is that those of us who didn't pay attention back at last call should shut up because we had our time to diagnose the problem at that time. Almost nobody knows what the proper way is to push the panic button. This is a highly IETF-centric view of the world and sends the message that IETF is insular and is not interested in outside review. Is that what you want? That outside review is discouraged? That moderators should squash that? That has been the net effect of this thread that outside review is not appreciated and that the mods are acting as that cat's paw.
Yes, I am not on the those lists. What of it? Are you trying to say that nothing should change on the ground after that? Or that it is irrelevant? Or that not knowing the precise process invalidates the finding? Trying to shame me serves no purpose other than to shame somebody who discovers a problem long after the fact. Paul Vixie at least had a lot of cred with DNS. Me, I'm a nobody. So is it really credentialism that is important? Is that what IETF wants? Do you want us to shut up because we have no creds? That our jobs (or lack thereof) is not 100% focused on IETF? 

Mike
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Mhonarc]     [Fedora Users]

  Powered by Linux