Proposal
Ian Smith
smithi at nimnet.asn.au
Thu Apr 10 09:29:19 UTC 2014
On Wed, 9 Apr 2014 19:00:52 +0100, Pawel Biernacki wrote:
> On 9 April 2014 17:08, Joe User <mailinglists at rootservice.org> wrote:
> > On 09.04.2014 17:29, Pawel Biernacki wrote:
> >> [snip]
> >> We need more transparency here.
> >>
> >
> > Please read this and other related threads and you'll understand that
> > the FreeBSD-SecTeam had no real chance to react earlier than they did.
> > http://seclists.org/oss-sec/2014/q2/22
> >
> > In fact, they were really fast, thanks therefor.
Personally, I'm well impressed by the speed (and care) with which this
happened, in the by now very well explained course of events. Special
thanks to Xin for all the single-threaded work and Dag-Erling for the
explanations, though I'm sure there were other willing hands on deck.
> Interesting lecture, thank you. But if FreeBSD SO wasn't on the
> mentioned list it's an argument for payable position because that can
> help developing more efficient social network in the future ;-).
That's no argument for a paid SO at all, but seeing a few people banging
on how throwing money at such problems could or should help, I'd like to
offer a counter argument - off-topic as this whole aspect surely is.
In a largely voluntary project such as FreeBSD, or for that matter any
number of community volunteer efforts, the introduction of paid staff
can - unless handled with extreme sensitivity - be a kiss of death.
As soon as there's someone/s whose paid job it is to perform such roles,
many of the other, voluntary members of a team such as Security are more
likely to tend to sit back and expect or allow the employee to 'do his
or her job'. However well-meaning, that's a natural tendency that can
often dissipate the collaborative energies of enthusiastic volunteers;
I've seen this occur in many once-voluntary organisations over 40 years.
As far as I can determine, the Foundation already supports the SO and
other senior developers in other useful ways; conference accommodation
and travel, access to infrastructure, etc, and provides grants to people
for specific projects, including ongoing ones like Release Engineering;
this is entirely appropriate and serves to consolidate voluntary energy,
not to compete with it.
My 2 Yen - I know, not worth much these days - Ian