Luc Verhaegen <l...@skynet.be> writes: > On Wed, Nov 24, 2010 at 04:36:17PM +1000, Dave Airlie wrote: >> On Wed, Nov 24, 2010 at 4:31 PM, Luc Verhaegen <l...@skynet.be> wrote: >> > >> > See, this was exactly the problem here. It _was_ a freedesktop admin. >> > And it was pretty clear that it was that from the onset too. Mailing >> > fd.o admins, even if i could've dug up an email address in the split >> > second that i wrote the email (heck, i even mistyped repository), was >> > not the right course of action.
(As an aside: maybe it would be a good idea to spend more than a split second on writing an email of this kind?) >> So you mailed 2 mailing lists consisting of 2-300 people who could do >> nothing about it? >> >> nice work. >> >> Dave. > > Stop the counter-attack dave, it's far too obvious what you are doing > here. His response seems quite reasonable to me, assuming that he thought your intention was to get the problem looked into rather than just raising a stink. On the other hand if your intention was primarily to make a lot of noise, then clearly your action was a reasonable one. Which brings me to: > The means to the end were perfectly justifiable under the circumstances, > and this includes the years of experience i have with dealing with X.org > community. This especially includes the experience of something as noble > as the radeonhd driver project. Then what was your intended "end"? Has it been accomplished? As far as I can see, all you've managed to do is to create a lot of noise about what is, in itself, a fairly minor incident. Yes, it is serious that a "trusted admin" abuses his powers. However, that happens and will continue to happen. Humans are like that. We often show a remarkable lack of good judgement. And in this case, I think the pattern matches well with "bad judgement" rather than "evil intent". What I'm far more worried about are the admins (and non-admins) who have made changes with "evil intent" that we have not noticed. I am not particularly worried about this incident, as anyone with true "evil intent" would not have advertised their actions like this. However, that doesn't mean that no-one have acted with "evil intent", and been successful at it. There are two things that I feel are important about this: 1. What systems do we have in place that enables us to detect when a "trusted admin" acts in "bad judgement" or with "evil intent"? What is the probability that such actions will be noticed? Can we do anything to increase this probability? 2. What systems do we have in place that enables us to detect "evil commits" once they actually make their way into the repository? What is the probability that they will be noticed? Can we do anything to increase this probability? You'll notice that none of these are directly related to this incident. This incident only provides an excuse for bringing up such issues. If that was your goal, then I feel that it has not yet been accomplished, but making noise about it may have been a reasonable approach anyway. More related to this incident (and your comments) could be this issue, which I consider slightly less important than the previous two, but is still a quite significant point: 3. When incidents are detected (break-ins, abuse of admin rights, evil commits, what have you...), what processes are in place to deal with this? What information is published, and in which fora, and when? What investigations are performed, and what actions are carried out as a result of such investigations? Where are these processes documented? Of course, I have my own suspicions about the answers to all three questions, but that's not the point. The point is that the people who actually deal with these things must reflect over whether what we are doing is "good enough" or whether we should do better. (It goes without saying that we could do better, the question is whether it is worthwhile to spend effort on actually doing better.) I know that all this work is largely carried out by volunteers in their spare time. That doesn't make my three questions unimportant. (I'll just end by pointing out that whenever I say "we" above, of course I mean "you", considering how much I personally have contributed to this project. Thank you for all the good work, it is deeply appreciated.) eirik _______________________________________________ xorg-devel@lists.x.org: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
