Frank Hecker wrote: > If you're wondering why I'm reluctant to commit on this, I have the > selfish motivation that I don't want mozilla.org staff (including me) > to have to specify in advance excactly what should be done for each > and every possible contingency. I would prefer to delegate to the > module owner, peers, and the security bug group where possible.
But you are delegating to a small, selected and confidental group. I think that the policy should be decided by the public. (Actually, I think that this is of vital importance.) > To repeat, I'm not confident in our ability to pick (especially in > advance) a single time limit scheme that everyone is happy with and > that will make sense in every possible combination of circumstances. > However I'm happy to have experience to prove me wrong, and if we > adopt an initial policy without fixed time limits, I'd be glad to go > back and revisit the question later. Note that other organizations did specify hard time limits for such matters. (Not that I would agree with their policies, but for other reasons :).)
