-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 11/21/2016 11:45 AM, Shawn Wells wrote: > Then there's the procedural side. Who has a say in who gets commit access? > Where does deliberation happen? Having a 'public vote' on the mailing list > risks turning into a popularity contest. Having a 'secret council' risks > loosing community trust. Both situations are equally unappealing. I'm not > really sure to handle this. And I recognize I'm likely over thinking this!
I'm still learning about the SSG community, but my suggestion would be to keep the deliberation process as public as possible. My experiences with open source communities have taught me that many assume the worst intentions when a decision was made in private. ;) You could send a briefing to the mailing list about a pending vote/deliberation/argument and hold a weekly/bi-weekly meeting on IRC to allow anyone to drop by and discuss it. This has worked fairly well in the complex OpenStack community. Long story short, you're not overthinking it at all. Open source software communities are always challenging and an open source community focused on security is even more difficult. ;) - -- Major Hayden -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJYPDXtAAoJEHNwUeDBAR+xutsP/j6O48fC+v7kmXf6xEcRSyfc kcs08HonSSW0S1HiRtnVrhEK1MNKEH3xWoKWcORjrw9CjYMPyZad/rTZIKWRnxZv 785KmA9Z9383LlwRVHElcfZ3CuhRr8T0CaZzasA/t7EO/NXXKsOVNMUVh/okIvkR fYbL0pYIwH6pJScm3FFztZfecNZJxWkyh/EEY/rMM1T3dcN1K3CUHyEMhj3B8cho ulmZtzVsspDZIA99/g9XHzVmPIiZgAGvBV3zT8yzhMheqIKGiirfhaa/eGR3l29j LQPmxVsgdXf3Rpr60OGWvUFMSp1P5pFOyDGsv0mw81jtWAU9ejsF54CCuIY3RN2Z UAzKobexOYWnCm2rDdmcIhNWdAUXIdw2QogvpkryUto2cwu00McmZniaTKvlfxh6 Z2tTCUVetIoVG62oOg7WLwScGH8yOzhJv5PQq4rLyqrUFUz0M7sQDSiHCuQ++Xst 2LdwibcGxOnHKcRlypy2pjmBrP3thi/SMSRs1JWcYra1R3CpHg7KwF82tbKznNQ4 zqajHEVQVHhYfxmGYh0GmLaGJvxri2dNwy7O/hOxKEWuF9gNQA1wMgPxrA4nH73S 8CGdlofeY9UXAdHXd+2UQ5v4afZqMZFSQrkIn5chjKMt99QpD51k15grDvHvSwz4 lGSwpjyIAN5fFvOfGTO0 =tOBH -----END PGP SIGNATURE----- _______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected]
