Date: Thu, 10 Apr 2014 19:28:53 +1000 (EST) From: Ian Smith <smithi@nimnet.asn.au> To: Pawel Biernacki <pawel.biernacki@gmail.com> Cc: freebsd-security@freebsd.org, joeuser@rootservice.org Subject: Re: Proposal Message-ID: <20140410183123.L54500@sola.nimnet.asn.au> In-Reply-To: <CAA3htvtSOGdfUQY9SiAQu5SUzgRxs6izyLjjMPWtKao8HjJo%2Bw@mail.gmail.com> References: <CAA3htvve4NNvmN0QOf6v4RwbT8PmGrSCFzNCbivfaEMN7J26Ow@mail.gmail.com> <3g3r546WVbz62Xv@devnoip.rootservice.org> <CAA3htvtSOGdfUQY9SiAQu5SUzgRxs6izyLjjMPWtKao8HjJo%2Bw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 9 Apr 2014 19:00:52 +0100, Pawel Biernacki wrote: > On 9 April 2014 17:08, Joe User <mailinglists@rootservice.org> wrote: > > On 09.04.2014 17:29, Pawel Biernacki wrote: > >> [snip] > >> We need more transparency here. > >> > > > > Please read this and other related threads and you'll understand that > > the FreeBSD-SecTeam had no real chance to react earlier than they did. > > http://seclists.org/oss-sec/2014/q2/22 > > > > In fact, they were realy fast, thanks therefor. Personally, I'm well impressed by the speed (and care) with which this happened, in the by now very well explained course of events. Special thanks to Xin for all the single-threaded work and Dag-Erling for the explanations, though I'm sure there were other willing hands on deck. > Interesting lecture, thank you. But if FreeBSD SO wasn't on the > mentioned list it's an argument for payable position because that can > help developing more efficient social network in the future ;-). That's no argument for a paid SO at all, but seeing a few people banging on how throwing money at such problems could or should help, I'd like to offer a counter argument - off-topic as this whole aspect surely is. In a largely voluntary project such as FreeBSD, or for that matter any number of community volunteer efforts, the introduction of paid staff can - unless handled with extreme sensitivity - be a kiss of death. As soon as there's someone/s whose paid job it is to perform such roles, many of the other, voluntary members of a team such as Security are more likely to tend to sit back and expect or allow the employee to 'do his or her job'. However well-meaning, that's a natural tendency that can often dissipate the collaborative energies of enthusiastic volunteers; I've seen this occur in many once-voluntary organisations over 40 years. As far as I can determine, the Foundation already supports the SO and other senior developers in other useful ways; conference accomodation and travel, access to infrastructure, etc, and provides grants to people for specific projects, including ongoing ones like Release Engineering; this is entirely appropriate and serves to consolidate voluntary energy, not to compete with it. My 2 Yen - I know, not worth much these days - Ian
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140410183123.L54500>