On Mon, 23 Jun 2014 14:08:18 -0400 "Alain Forget" <aforget@xxxxxxx> wrote: > > > >-----Original Message----- > >From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed- > >bounce@xxxxxxxxxxxxx] On Behalf Of Niklas Lemcke - ??? > >Sent: Monday, June 23, 2014 13:16 > >To: ciphershed@xxxxxxxxxxxxx > >Subject: [ciphershed] Re: Organization structure? > > > >On Mon, 23 Jun 2014 12:33:55 -0400 > >"Alain Forget" <aforget@xxxxxxx> wrote: > >> -----Original Message----- > >> From: ciphershed-bounce@xxxxxxxxxxxxx [mailto:ciphershed- > >bounce@xxxxxxxxxxxxx] On Behalf Of Niklas Lemcke - ??? > >> Sent: Monday, June 23, 2014 11:01 > >> To: ciphershed@xxxxxxxxxxxxx > >> Subject: [ciphershed] Re: Organization structure? > >> > >> > >> > >> On Mon, 23 Jun 2014 22:58:56 +0800 > >> Niklas Lemcke - 林樂寬 <compul@xxxxxxxxxxxxxx> wrote: > >> > >> > On Mon, 23 Jun 2014 10:54:44 -0400 > >> > "Alain Forget" <aforget@xxxxxxx> wrote: > >> > > >> > > > >> > > On Mon, 23 Jun 2014 09:35:29 -0400 > >> > > Stephen R Guglielmo <srguglielmo@xxxxxxxxx> wrote: > >> > > > >> > > > On Mon, Jun 23, 2014 at 7:57 AM, Bill Cox <waywardgeek@xxxxxxxxx> > >wrote: > >> > > > > I prefer for CipherShed to remain an unincorporated non-profit for > >> > > > > now, though when we do incorporate, it should not be in the US. > >> > > > > Someone with expertise in the local laws of whatever country hosts > >> > > > > CipherShed will have to be involved. > >> > > > > > >> > > > > I like what I have read so far about Adobe's PMC structure. > >> > > > > Perhaps > >> > > > > we could start with a simplified version and grow from there? > >> > > > > > >> > > > > The PMC structure seems similar to many co-ops. Co-ops typically > >> > > > > elect board members each year. I think eventually, we may want a > >> > > > > structure like that, but right now, how many actual contributors do > >we > >> > > > > have? Isn't it something like 10-ish people? While that is large > >> > > > > for > >> > > > > a board, it seems silly for 10 people to vote for 5 of us to be on > >> > > > > a > >> > > > > board. We have only six "authors" listed on the web site, and > >> > > > > that is > >> > > > > certainly not too many for an initial steering committee. There > >> > > > > are > >> > > > > people missing from this page, who are contributing. Should we ask > >> > > > > that to have a vote, contributors need to allow us to list them on > >> > > > > the > >> > > > > About page? > >> > > > > > >> > > > > I also continue to feel strongly that we need geeks who can verify > >and > >> > > > > protect the code base to be responsible for the code. I think we > >> > > > > should have a "security team" for this. This would be people > >> > > > > willing > >> > > > > to sign that they have personally verified releases, and likely > >> > > > > includes most of us who write code to start. This team should not > >> > > > > try > >> > > > > to do the job of the steering committee (or whatever we call it). > >> > > > > It > >> > > > > should instead narrowly focus on security, but should have the > >> > > > > final > >> > > > > say over code-related issues. > >> > > > > >> > > > I tend to agree with Bill. I think we should define a specific > >> > > > "security team" to manage security and related issues. I do think our > >> > > > project is too small right now to have a full-blown Project > >> > > > Management > >> > > > Committee right now, but maybe that is something we should start > >> > > > establishing now so when we do need it in the future, it'll be there. > >> > > > > >> > > > >> > > Not sure if I understood correctly. Security Team next to a PMC, or for > >> > > now just a Security Team, which later may be expanded to a PMC-ish > >> > > structure? > >> > > > >> > > Pls help > >> > > >> > I agree with you on the last paragraph, Alain. > >> > > >> > Also, I appreciate you to try and not top-post. But write above my > >> > signature next time ;) > >> > > >> > >> However, I do think the QA / security core should have the last say > >> concerning code being merged or not. > >> > >> When and how should we proceed to officially form those two groups? I > >> think it's a good idea to have them in place early, before there are > >> too many people that make things complicated. > >> > >[here's where your message should be] > > > >Hi Alain, > > > >I actually meant that. As you can see, when you write below the -- all > >of your message gets parsed as a comment, and thus NOT added to a reply > >to you. Please write above my signature. As you may have observed, my > >mailing client (Claws-Mail) does not include others signature by > >default. Here signature means not me writing my name, but everything > >that gets added automatically with a "--" before. It will be clear who > >wrote what by the different indents, and possibly people writing their > >name under their posts. Weirdly enough, your client decided not to > >indent my quote. Maybe you can find a setting there? > > Geez, who knew e-mail could be so complicated?? Yeah, my client was > previously not adding chevrons (>) because I previously had them disabled, > since I felt they only added unnecessary text. However, I have now added them > back in, since they are clearly now useful. > > Regarding the sig...well, I'll try not to post below that, but I can make any > promises I won't do it by accident. I don't think it's realistic to expect > others know and remember all the little quirks/things that everyone's various > mail clients may or may not do. Honestly, the only thing I think it's fair to > assume is that e-mail is text. :-P Beyond that, whatever people or clients > will do with that text...well, anything goes. > > > Still thank you for not top-posting. :D > > You're welcome, and when appropriate (i.e. when others in a thread have > already bottom posted), I will try to continue bottom-posting, but I still > reserve the right to top-post, as is my custom. :-P > > >As you already noted, the integrity and security of the code is of > >paramount importance. That is why on that matter the Security Team > >should be able to tell the not-security specialized PMC that they don't > >know what they're talking about and should go to hell. Right? Basically > >they should have a veto of some kind to stop the PMC from deciding > >things that are security-wise not wise (see what I did there). > > Ah yes, I think I do agree with this: Before a new code change to be > integrated into the main branch, BOTH the PMC and the Security/QA team have > to give it their stamp of approval. > > >I can create a thread in the forum only visible to dev's and have a > >poll there. How about it? I think the vote should be anonymous, or at > >least not have to be open. So feel free to nominate, I will then add > >new nominees to the list. Those taking part in the discussion here that > >are not devs or contributors in the forum yet can send me their nick > >and I'll add them. However, the forum poll only allows yes or no. I > >just put it up for now, but we can also switch to something else if you > >want. > > > >https://ciphershed.org/forum/viewtopic.php?f=10&t=42 > > Please add my nick: aforget . So I'm guessing this means that, if there are > no objections, we'll go ahead with the PMC member nomination & voting > scheme/procedure I outlined? You're good to go. > > Any other feelings about the anonymous versus non-anonymous? > > Yes or no is fine, since people can just not vote to abstain. > > >Niklas > > > > Alain > > -- Niklas At the time of writing, no warrants have ever been served to me, Niklas Lemcke, nor am I under any personal legal compulsion concerning the CipherShed project. I do not know of any searches or seizures of my assets.
Attachment:
signature.asc
Description: PGP signature