* Joseph Kowalski <jek3 at sun.com> [2007-01-24 13:54]: > > I hope I'm not throwing down a glove here. > > There has been a lot of posturing about having various FOSS bits > conforming to various policies. > For the most part, there are good points on either side. > > However, I want to assert two things: > > 1) There is *no* justification for exceptions to the security policy. Various out-of-band conversations are working through ways to separate and resolve the various policies involved. The proposal already met the requirements of the no-third-party-setuid policy; we're now examining the difficulties around cryptographic consumers.
> 2) There are precedents for many policies, such as those > associated with the CLIP/getopt stuff. If we aren't going to > conform to those policies here, because we think we have a better > policy or a formal exception set we need to officially state the > amendment to the policy. Makes sense; is there a good catalogue of applicable policies? (I think the CLIP one is already sensible about incoming OSS.) It seems to me that we have an adjustable scale of "burdenedness" for each policy, between primarily primarily initial <---------------------> expert integrator community For security, it's absolutely to the left. For cryptography, likely to the left as well (although I'd like to see the cryptography-oriented members of the Security Community actively get OSS using better OpenSolaris interfaces now, rather than deferring to a hypothetical future integration.) For other policies, it's less clear that initial integration should be made so heavyweight. - Stephen -- Stephen Hahn, PhD Solaris Kernel Development, Sun Microsystems stephen.hahn at sun.com http://blogs.sun.com/sch/
