> For example, I opened some patches to improve solr's security because its currently an RCE-fest. I'm gonna wait a couple days, if nobody says anything about these patches I opened for Solr, I'm gonna fucking commit them: someone needs to address this stuff. Why should I wait weeks/months for some explicit review? There is repeated RCE happening, how the hell could I make anything worse?+1 Robert, totally agree. RCE etc should be absolutely top priority. Thanks a ton for tackling this. Breaking functionality (not deliberately of course) is better than having RCEs in a release. IOW, it can't get worse.On Mon, 2 Dec, 2019, 3:03 PM Robert Muir, <firstname.lastname@example.org> wrote:On Mon, Dec 2, 2019 at 3:49 AM Jan Høydahl <email@example.com> wrote:I think the distanse is not necessarily as large as it seems. Nobody wants to get rid of lazy consensus, but rather put down in writing when we recommend to wait for explicit review.Then change the document's name to be Recommendation instead of Policy!