couchdb-dev mailing list archives

From Andy Wenk <a...@nms.de>
Subject Re: [DISCUSS] Apache CouchDB Developer Code of Conduct
Date Wed, 30 Apr 2014 07:40:38 GMT
Hey Joan,

yeah good point. In one of your first emails, you stated below your quote
for the text (">  We will keep our entire bug report database open for
public ...")

"so we can probably make this explicit, then point to the ASF Bylaws[1]
and ASF "How it works"[2] for the rest."

Question: isn't the bug handling better placed in the bylaws? I understand
the CoC more as regarding "personal behaviour" instead of "technical
behaviour". Or am I on the wrong path?

Cheers

Andy


On 30 April 2014 07:24, Joan Touzet <wohali@apache.org> wrote:

> And the good news is that we have a mechanism for that already! :)
>
> http://docs.couchdb.org/en/latest/cve/index.html
>
> We encourage people to bring security issues to us via this framework.
> All issues raised are addressed promptly and disclosed as soon as feasible.
>
> -Joan
>
> ----- Original Message -----
> From: "Bruno Rohée" <bruno@rohee.org>
> To: dev@couchdb.apache.org
> Sent: Tuesday, April 29, 2014 7:42:29 PM
> Subject: Re: [DISCUSS] Apache CouchDB Developer Code of Conduct
>
> Joan Touzet wrote:
>
> > We will keep our entire bug report database open for public view at all
> > times. Reports that people file online will promptly become visible to
> > others.
>
> My two cents: there are good, practical reasons to keep some bugs
> confidential before a fix/workaround is available. Namely security bugs.
> It's definitely bad when bugs are kept hidden for months or even years, but
> surely there is some middle ground to be found. This is especially
> important as it's reasonable to have an Internet facing CouchDB, unlike
> many other DBs...
>
>
> On Mon, Apr 28, 2014 at 9:48 PM, Joan Touzet <joant@atypical.net> wrote:
>
> > Benoit said:
> > > This one looks really good. What's your plan about the social contract?
> > > Take something adapted?
> >
> > In the context of this CoC it only refers to:
> >
> >   "We will not hide problems
> >
> >   We will keep our entire bug report database open for public
> >   view at all times. Reports that people file online will
> >   promptly become visible to others."
> >
> > so we can probably make this explicit, then point to the ASF Bylaws[1]
> > and ASF "How it works"[2] for the rest.
> >
> > -Joan
> >
> > [1] https://www.apache.org/foundation/bylaws.html
> > [2] https://www.apache.org/foundation/how-it-works.html
> >
>



-- 
Andy Wenk
Hamburg - Germany
RockIt!

http://www.couchdb-buch.de
http://www.pg-praxisbuch.de

GPG fingerprint: C044 8322 9E12 1483 4FEC 9452 B65D 6BE3 9ED3 9588

https://people.apache.org/keys/committer/andywenk.asc
