"G. Branden Robinson" writes:
> My two cents[4] is that DSA should make its purchasing and hardware
> solicitation decisions with the architectural security issue fairly far
> down the priority list. It saddens me to say that, but this new class
> of exploits, what van Schaik et al. call
At 2019-06-01T09:04:39+0200, Philipp Kern wrote:
> Are we then looking more closely at AMD-based machines given that
> those had fewer problems around speculative attacks?
To borrow a phrase from Christopher Hitchens, this comment gives a
hostage to fortune.
My team at work closely follows (and
Jonathan Carter writes:
> On 2019/06/01 19:55, Russ Allbery wrote:
>> I very much doubt that our current donation-driven model would generate
>> US $1M per year on a sustained basis, particularly if you subtract
>> DebConf out of the mix (which I think we should, because that money is
>>
On 2019/06/01 19:55, Russ Allbery wrote:
> I very much doubt that our current donation-driven model would generate US
> $1M per year on a sustained basis, particularly if you subtract DebConf
> out of the mix (which I think we should, because that money is essentially
DebConf tends to bring in
Adrian Bunk writes:
> On Fri, May 31, 2019 at 04:07:54PM -0700, Russ Allbery wrote:
>> I could well be entirely wrong, but the part that I would expect to be
>> the most controversial is that, once Debian starts spending project
>> money to pay people to do work that other people in the project
On Sat, Jun 01, 2019 at 12:29:04PM +0200, Tollef Fog Heen wrote:
> ]] Russ Allbery
>
>> These dynamics change a *lot* when the money is coming from
>> the project itself. That money is special; it's not just one more company
>> or foundation or whatnot that is providing resources to aid in a
On Sat, Jun 01, 2019 at 12:29:04PM +0200, Tollef Fog Heen wrote:
> ]] Russ Allbery
> > Particularly now that my free time is rarer and more precious to me,
> > doing unpaid work for an organization that also has paid staff is
> > hugely demotivating. It's entirely plausible that paying for
> >
On Sat, Jun 01, 2019 at 09:09:26AM -0400, Sam Hartman wrote:
> > "Adrian" == Adrian Bunk writes:
>
> >>
> >> Talking about the issues involved in paying people to do work.
> >> What the options are, collecting people's concerns etc.
> >>
> >> I actually think the first
> "Adrian" == Adrian Bunk writes:
>>
>> Talking about the issues involved in paying people to do work.
>> What the options are, collecting people's concerns etc.
>>
>> I actually think the first round of that can be done without
>> significant access to numbers.
> "Ondřej" == Ondřej Surý writes:
Ondřej> It might be worth looking at how other organizations in
Ondřej> our ballpark are doing stuff. f.e. IETF/ISOC is in similar
Ondřej> situation to Debian/SPI.
I'm no longer really involved in the IETF, but I was involved in the
IETF for
]] Russ Allbery
> These dynamics change a *lot* when the money is coming from
> the project itself. That money is special; it's not just one more company
> or foundation or whatnot that is providing resources to aid in a general
> volunteer project. It becomes a loaded statement about what
> But yes, it's entirely possible that I'm being too cautious.
I'd say, being cautious in this case is very warranted.
One of the things that is good about Debian is that it's _not_ corporate.
"You will not work for free for a company. Debian is not a company."
Throwing in money has a high
On Fri, May 31, 2019 at 11:46:02PM -0600, Eldon Koyle wrote:
> On Fri, May 31, 2019 at 5:08 PM Russ Allbery wrote:
> >
> > Adrian Bunk writes:
> >
> > > My biggest high level concern is the income side, since this is the most
> > > difficult part and will likely also be the most controversial
On Fri, May 31, 2019 at 04:07:54PM -0700, Russ Allbery wrote:
> Adrian Bunk writes:
>
> > My biggest high level concern is the income side, since this is the most
> > difficult part and will likely also be the most controversial one.
>
> I could well be entirely wrong, but the part that I would
Again I would suggest looking at https://tools.ietf.org/html/rfc4071 as a start
to learn from the experience of others.
It’s a change in paradigm, but somehow I feel that this is needed if we want to
keep up to par with other parties in the same field.
P.S.: At no point of time I am speaking
On 5/31/2019 11:04 PM, Luca Filipozzi wrote:
> Before you ask: an insecure hypervisor is an insecure buildd.
Are we then looking more closely at AMD-based machines given that those
had fewer problems around speculative attacks?
Kind regards
Philipp Kern
It might be worth looking at how other organizations in our ballpark are doing
stuff.
f.e. IETF/ISOC is in similar situation to Debian/SPI. I am not directly
involved in looking into IETF financials, but they have contracts for certain
functions (Ops, RFC Editor to name a few, for full list see