In this case this person will need to write more than just "I wanna be
there", otherwise he will be rejected like any other random spammer. He
will need to describe the situation and show others that he is a
trustworthy person who is able to help.

Imagine there would be a discussion on the security mailing list at the
same time, and we would be discussing a critical vulnerability that
immediately gives the attacker root on the server. Are you Ok with
giving the exploit to this person?
This is more a question about trust, being a user or paying customer
doesn't help here much.


Alex

On 05/31/2010 06:20 PM, Vincent Massol wrote:
> 
> On May 31, 2010, at 6:18 PM, Caleb James DeLisle wrote:
> 
>>
>>
>> Vincent Massol wrote:
>>> On May 31, 2010, at 5:02 PM, Alex Busenius wrote:
>>>
>>>> Hello,
>>>>
>>>>
>>>> The new mailing list [email protected] was created. All core committers
>>>> will be on this list.
>>>>
>>>> This is *not* an announcement list, it is meant for technical
>>>> discussions about security issues.  However, everyone can write to this
>>>> mailing list, e.g. to report security issues (mails will be reviewed by
>>>> the administrator first).
>>>>
>>>> If somebody else is interested in contributing to discussions on that
>>>> list, he or she should write a mail on the dev-list asking for access.
>>>> If the committers agree (meaning that nobody is -1 on it, similar to a
>>>> proposal) this person will get access.
>>>
>>> We also need to define who can get access. IMO:
>>> - persons who have submitted security issues in jira
>>> - persons who've submitted security patches 
>>> - persons who have been contributing to xwiki for a long time
>>
>> These seem like nice guidelines but must we disallow people who we all know
>> will help the discussion because they don't meet the requirements?
>>
>> IMO we can't define what makes someone unsuitable for the list but will know
>> them when we see them.
> 
> It's much better to have a list of examples of what constitutes a valid 
> request than not having it. This is useful not only for committers to vote 
> but also for the person who asks so that he knows how to qualify.
> 
> Otherwise voting is about thin air... and you're going to hurt people Caleb 
> (+ generate unnecessary requests, votes and rejections).
> 
> Take this example:
> 
> I'm someone who has installed XE at my company. I want to be sure I know 
> about security issues and I'm even ok to take part in the discussion about 
> these issues. I sent a mail to the dev list asking to be on that list. Note 
> that I have not sent any prior email to the list but I have participated (for 
> ex) in other open source projects.
> 
> How are you going to reject me or accept me? And if you reject me you need to 
> give me a reason. What reason will it be?
> 
> As you can see you'll have to list the reasons anyway and it's much better to 
> do it upfront (even if the list is not complete) than not.
> 
> Also if you reject me I'll be offended. I'm not a script kid. I'm someone 
> honest and serious. How dare you reject me! This is not a real open source 
> project! ;)
> 
> Thanks
> -Vincent
> 
>> Also it seems that rules stop people from doing the right thing while
>> people with bad intentions are usually more motivated and will thus find a
>> way around the rule.
>>
>> My +1 is for a case by case basis.
>>
>> Caleb
>>
>>>
>>> WDYT?
>>>
>>> Thanks
>>> -Vincent
>>>
>>>> Alex
>>>>
>>>>
>>>> On 05/26/2010 01:02 PM, Alex Busenius wrote:
>>>>> Hello devs,
>>>>>
>>>>>
>>>>> I propose to introduce a security mailing list ([email protected]) to
>>>>> discuss details of security issues.
>>>>>
>>>>> This list should be private, with only committers and trusted
>>>>> contributors having read and write access. Anyone who proved his good
>>>>> intentions on the dev-list and bug tracker should be able to get access
>>>>> to security-list through the usual vote procedure.
>>>>>
>>>>> The purpose of this list is to give a safe place to discuss details of open
>>>>> security issues without giving all script kiddies in the world examples
>>>>> to write exploits. The discussions should be kept on this private list
>>>>> until the corresponding fix is released.
>>>>>
>>>>> WDYT?
>>>>>
>>>>>
>>>>> Alex
>>> _______________________________________________
>>> devs mailing list
>>> [email protected]
>>> http://lists.xwiki.org/mailman/listinfo/devs
>>>
>>