On Mon, Aug 25, 2008 at 6:46 AM, Bruno Wolff III <bruno@xxxxxxxx> wrote: > I am a stake holder and I don't see any problem stating that my interests > weren't properly protected. With Fedora's stances on openness, I believed > they extended to security breaches as well. You have just stated an uncommunicated expectation on performance. That belief needs to be part of a guiding process document that all the stakeholders can agree to abide by. > If they intend to act this way > to future incidents that is going to affect how I value participating in this > project. If the community doesn't do the work to put a Fedora specific incident reporting policy in place that meets its own needs.. then this could very well happen again and be handled in a way that community didn't expect. There's no guarantee that this will happen again when the same individuals are in place to remember any personal lessons learned from this one. I sure as hell hope to not be 'in pocket' the next time something like this happens. Without a policy document in place, we run the risk of different people blamelessly repeating history they personally did not live. Can't really expect people to have read the specific griping in this thread, several years later. The expectation on incident reporting performance must be documented and agreed to as part of a workable process for the Project. If that doesn't happen, if you don't help make that happen, then there's no justifiable reason to expect things to be different next time. Voicing a concern in meandering mailinglist thread is not crafting sustainable project policy. -jef -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
