Re: Concerns over transparency of informal kernel groups

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 25/10/2024 17:15, Jiaxun Yang wrote:
> Dear Linux Community Members,
> 
> Over the years, various informal groups have formed within our community,
> serving purposes such as maintaining connections with companies and external
> bodies, handling sensitive information, making challenging decisions, and,
> at times, representing the community as a whole. These groups contribute significantly
> to our community's development and deserve our recognition and appreciation.
> 
> I'll name a few below that I identified from  `Documentation/`:
> - Code of Conduct Committee <conduct@xxxxxxxxxx>
> - Linux kernel security team <security@xxxxxxxxxx>
> - Linux kernel hardware security team <hardware-security@xxxxxxxxxx>
> - Kernel CVE assignment team <cve@xxxxxxxxxx>
> - Stable Team for unpublished vulnerabilities <stable@xxxxxxxxxx>
>   (I suspect it's just an alias to regular stable team, but I found no evidence).
> 
> Over recent events, I've taken a closer look at how our community's governance
> operates, only to find that there's remarkably little public information available

Oh, spread more FUD under the cloak of helping the community. Reminds me
something, wait, how was it? zx?

> about those informal groups. With the exception of the Linux kernel hardware security
> team, it seems none of these groups maintain a public list of members that I can
> easily find.
> 
> Upon digging into the details, I’d like to raise a few concerns and offer some thoughts
> for further discussion:
> 
> - Absence of a Membership Register
> Our community is built on mutual trust. Without knowing who comprises these groups,
> it's understandably difficult for people to have full confidence in their work.

No, you might have difficulty, not "all people" which you imply. Please
stop creating sentences like you are speaking for others. You do not
speak for others.

> A publicly available membership list would not only foster trust but also allow us to
> address our recognition and appreciation.

Nope. For some of the groups it is very intentional to hide the
membership. It was explained already why and should be pretty obvious.

> 
> - Lack of Guidelines for Actions
> Many of these groups appear to operate without documented guidelines. While I trust each
> respectful individual's integrity, documented guidelines would enable the wider community
> to better understand and appreciate the roles and responsibilities involved.

Guidelines are well documented, although I understand something might be
missing. Feel free to extend the existing documentation, as usual,
patches are welcomed.

> 
> - Insufficient Transparency in Decision-Making
> I fully respect the need for confidentiality in handling security matters, yet some
> degree of openness around decision-making processes is essential in my opinion.
> Releasing communications post-embargo, for instance, could promote understanding and
> prevent potential abuse of confidential procedures.

Again, unspecified FUD.

> 
> - No Conflict of Interest Policy
> Particularly in the case of the Code of Conduct Committee, there may arise situations
> where individuals face challenging decisions involving personal connections. A conflict
> of interest policy would provide valuable guidance in such circumstances.

Feel free to propose patches instead of claiming there is problem for
others. If you identify issue, propose a patch.

Several other your replies earlier were in similar tone. I am not going
to engage in such discussions and probably neither other people, but
some think that silence is approval or agreement. Thus this reply. for
me this is just FUD.

Best regards,
Krzysztof





[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux