non-disclosure of infrastructure problem a management issue?

Jeff Spaleta jspaleta at gmail.com
Mon Aug 25 15:57:34 UTC 2008


On Mon, Aug 25, 2008 at 6:46 AM, Bruno Wolff III <bruno at wolff.to> wrote:
> I am a stakeholder and I don't see any problem stating that my interests
> weren't properly protected. With Fedora's stances on openness, I believed
> they extended to security breaches as well.

You have just stated an uncommunicated expectation on performance.
That belief needs to be part of a guiding process document that all
the stakeholders can agree to abide by.

> If they intend to act this way
> to future incidents that is going to affect how I value participating in this
> project.

If the community doesn't do the work to put a Fedora-specific incident
reporting policy in place that meets its own needs, then this could
very well happen again and be handled in a way that the community didn't
expect.  There's no guarantee that this will happen again when the
same individuals are in place to remember any personal lessons learned
from this one.  I sure as hell hope to not be 'in pocket' the next
time something like this happens.

Without a policy document in place, we run the risk of different
people blamelessly repeating history they personally did not live.
Can't really expect people to have read the specific griping in this
thread, several years later.  The expectation on incident reporting
performance must be documented and agreed to as part of a workable
process for the Project.  If that doesn't happen, if you don't help
make that happen, then there's no justifiable reason to expect things
to be different next time.  Voicing a concern in a meandering
mailing list thread is not crafting sustainable project policy.

-jef



