If only their staffers were like this judge:
https://www.theverge.com/2017/10/19/16503076/oracle-vs-google-judge-william-alsup-interview-waymo-uber

--
Matt Sicker

> On Jan 16, 2022, at 12:51, Sam Ruby <[email protected]> wrote:
>
> On Sun, Jan 16, 2022 at 1:25 PM Matt Sicker <[email protected]> wrote:
>
>> Building blocks could potentially be “components”; that term applies to
>> physical supply chains, too.
>>
>
> That works. I would probably start by saying "building blocks or
> components", and then proceed with components from there.
>
>
>> Emphasizing that the volunteer developers are still professionals,
>> academics, etc., is certainly important. I’ve seen enough people aghast how
>> we at the Log4j project are all unpaid; many of us have spent countless
>> hours at work using and extending Log4j where we’ve been able to contribute
>> our changes back to the project. Sure, many of us also work on this in our
>> spare time, but the volunteer aspect is strictly that Apache doesn’t pay us.
>>
>
> Agreed. Earlier papers (such as the one sent to the white house) took that
> approach. My current thinking is to not mention volunteer at all, and lead
> with the description that we want them to understand.
>
>> JNDI can potentially be described as a standard programming component used
>> for looking up directory information from LDAP and other similar
>> technology. It may help to mention that LDAP is a directory service (maybe
>> they’re familiar with Active Directory or some other phonebook-like
>> directory service).
>>
>
> We tried pretty much exactly that (it happened to be David talking at the
> time) with Senate Staff. Eyes glazed over. At the end one of the Staffers
> said that he had just picked up a book on Python for Dummies.
>
> My assumption is that that staffer is ahead of the curve with respect to
> other staffers, and that staffers in general are more technically savvy
> than the senators that they serve.
>
>> --
>> Matt Sicker
>>
>
> - Sam Ruby
>
>
>>> On Jan 16, 2022, at 11:55, Sam Ruby <[email protected]> wrote:
>>>
>>> On Sun, Jan 16, 2022 at 12:40 PM Gilles Sadowski <[email protected]>
>>> wrote:
>>>
>>>> On Sun, Jan 16, 2022 at 17:13, Sam Ruby <[email protected]> wrote:
>>>>>
>>>>> In discussions with US Senate Staffers, it became apparent that there is
>>>>> a need for a less technical description of both open source
>>>>
>>>> Presenting the rationale for open source to code that "does not
>>>> provide [...] competitive advantage" is self-deprecating IMHO.
>>>>
>>>
>>> Fair. Some background: many of the people the ASF interacted with last
>>> week came in with the impression that open source software was primarily
>>> written by amateur hobbyists with too much spare time on their hands.
>>> After all, why would any business want to give away their hard own work?
>>>
>>> Here's what we are up against, and this includes a quote from the person
>>> who called the meeting at the White House:
>>>
>>> Log4j is open-source software that’s maintained by a gaggle of volunteer
>>> programmers as a part of the nonprofit Apache Software Foundation, one
>>> among dozens of open-source initiatives which have change into an important
>>> part of worldwide commerce.
>>>
>>> Neuberger described open-source software as “a witch’s brew” that’s “built
>>> by volunteers, broadly used, and not managed”.
>>>
>>> --
>>> https://mywinet.com/some-federal-systems-affected-by-software-flaw-us-official-says/
>>>
>>> Is there a better way to capture the motivation of businesses to contribute
>>> to open source?
>>>
>>>
>>>
>>>>> and the
>>>>> Log4J vulnerability.
>>>>
>>>> Not using "jargon" in that section makes it more difficult to follow for
>>>> programmers while probably not any clearer for non-programmers.
>>>> Since "code" and "library" have been defined in the first section, the
>>>> usual terms could then be used afterwards as appropriate.
>>>>
>>>
>>> I'm not convinced. Yes, building block is jarring to me, even though I
>>> know what it meant. Think about how jarring code or library would be to a
>>> reader for which these are not common uses.
>>>
>>> I picked up the term building block from a lawyer who is experienced in
>>> these matters. He repeated back to us what he heard us say, and used this
>>> term.
>>>
>>>>> I've taken a first stab at this, and placed it here:
>>>>>
>>>>> https://cwiki.apache.org/confluence/display/COMDEV/Log4j+vulnerability+background
>>>>
>>>> s/Software Build of Materials/Software Bill of Materials/
>>>> ?
>>>>
>>>
>>> Fixed. Thanks! Feel free to directly update the page
>>>
>>>
>>>
>>>> Best regards,
>>>> Gilles
>>>>
>>>
>>> - Sam Ruby
>>>
>>>
>>>
>>>>> As always, this is on a wiki. You know what you need to do!
>>>>>
>>>>> - Sam Ruby
