There are two conflicting approaches to vulnerabilities known to
"government"; vulnerabilities make government vulnerable and therefore they
need to be handled properly in code. The other approach is that a
vulnerability is a vector to attack.

When Mrs Coleman works for the WMF, it follows that when she learns
privately about vulnerabilities, they will be fixed discreetly. I am happy
with that. When she does not learn about vulnerabilities and does not know
about them either, nothing is different for us. When she actively knows
about vulnerabilities and vectors to attack MediaWiki and does not share it
with developers to fix them, she has a clear conflict of interest and
should seek another job.

For me a simple statement that she works for the Wikimedia Foundation and
will do everything in her power to make MediaWiki as good as it gets
suffices. Anything more will get us in paranoia territory, we should not go

On 2 November 2016 at 20:53, Pine W <wiki.p...@gmail.com> wrote:
> A similar thought crossed my mind regarding MediaWiki software. I believe
> that a number of USG agencies use MediaWiki, and that some of them use it
> for classified purposes. This is a bit of a two-edged sword; I imagine that
> they'd want to support the continued development of MediaWiki (which is
> good for us) but there would be interesting questions about whether they'd
> also want to introduce and/or keep open security vulnerabilities. I imagine
> that WMF considered Victoria's government affiliations carefully during the
> screening process, and I agree it would be nice to hear some clarifications
> about how WMF can ensure that any potential conflicts of interest are
> carefully managed.
>
> My first instinct here is to welcome what looks like a person who's a good
> fit for the job. Victoria would be far from the only person in WMF and the
> Wikimedia community with ties to government agencies; I would treat this
> hire with a similar level of care regarding conflicts of interest as we
> would with any other appointment.
>
> As a general practice, I would prefer declared and public potential
> conflicts of interests to undisclosed conflicts of interest, and I would
> suggest that someone being public with their affiliations and potential
> conflicts should be treated respectfully while keeping an open mind to the
> possibility that the conflicts may be manageable. In Victoria's case, I
> would encourage assuming good faith while asking appropriate questions; I
> feel that it's reasonable for the community to ask some questions to make
> sure that WMF did in fact consider these issues during the candidate
> selection process. Perhaps Victoria will have an office hour where the
> community can have a Q&A with her on these and many other questions that
> people are likely to have.
> On Wed, Nov 2, 2016 at 12:25 PM, James Salsman <jsals...@gmail.com> wrote:
> > It's great that the CTO position was filled.
> > The blog announcement's biography omitted these details:
> > "As Director for Security Initiatives for Intel’s Digital Enterprise
> > Group [Victoria Coleman] was responsible for defining the company’s
> > security technology roadmap and translating it to product delivery.
> > During this time, she was instrumental in bringing Intel’s LaGrande
> > Technology across the server processor and chipset product line.
> > Victoria has also had roles as the Director of the Trusted Platform
> > Laboratory and the Trust and Manageability Laboratory in Intel's
> > Corporate Technology Group... In 1995 she authored the landmark UK
> > Ministry of Defence DefStan 00-56 which created the legal framework
> > for the safety of programmable electronic systems procurement by the
> > MoD. In 2004, she founded the Cybersecurity Research Center on behalf
> > of the U.S. Department of Homeland Security."
> > Source: http://www.potomacinstitute.org/fellows/2138-the-potomac-institute-welcomes-senior-fellow-victoria-coleman-2
> > Is Victoria willing to comment on
> > https://www.schneier.com/blog/archives/2014/01/nsa_exploit_of.html
> > and
> > https://en.wikipedia.org/w/index.php?title=User_talk:Jimbo_Wales/Archive_208&oldid=725820016#Massive_expansion_of_National_Security_Letters
> > please?
> > _______________________________________________
> > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/
> > wiki/Mailing_lists/Guidelines
> > New messages to: Wikimediaemail@example.com
> > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>