On Tue, Nov 13, 2018 at 9:46 AM things things <[email protected]>
wrote:

> >> I hope you can see that this is actively damaging the community by
> >> promoting magniloquent indictments instead of discussing
> >> clear facts. It would be far more productive to provide a concrete and
> >> structured list of TUVIT's failings, as suggested by Jakob.
>
> > Do you believe the initial message did not contain that?
>
> Yes. Your initial message contained a lot of information, a timeline about
> contacting TUVIT, expressions of your dissatisfaction with TUVIT's answers
> etc etc. It also contained two paragraphs labeled "Issue A" and "Issue C",
> but it is far from a concrete and structured list.
>
> I don't think that it is currently transparent or it's lost in the approx
> 50 messages with partly heated exchanges about ETSI and whatnot that
> followed, what the core of the issues is.
>

I think, then, that we'll have to agree to disagree on both approach and
substance.

It would appear that your desire is for a small, bulleted list of items,
and to make your opinion solely based on that, without any context. The
initial thread started by both contextualizing a set of issues and, from
there, enumerating specific issues. The discussion, to date, has been to
review those facts, ensure they're accurate and meaningfully presented, and
allow opportunity for both other concerns to be raised and for other
considerations. This will be, inherently, a messy process, but is
fundamental to the essence of building a shared understanding. There have
been several attempts to derail the thread, including suggestions these
issues shouldn't be discussed before December (at the earliest) or possibly
into the next year, but those are fundamentally unproductive.

From the 40 messages, we've converged on a set of things starting to be
understood and agreed upon, and other issues still being debated. It would
be both premature and unproductive to attempt to distill that into a curt
list while the discussion is ongoing, especially given the
responsiveness of TUVIT to the concerns - and in particular, the lack of
any explanation of methodology that would explain why the concerns are
unfounded.

If you consider past discussions - such as CAs like StartCom or Symantec -
you'll see that they similarly followed an evolutionary approach, in which
an initial issue was reported, it spiraled into a broader discussion, and
the *output* of that discussion was a structured list.

This is why I disagree with you on substance and approach; I think it would
be premature to attempt to distill that into a list while the discussions
are ongoing, to the point of seeming to attempt to stifle conversation.
Indeed, most of the messages following
https://groups.google.com/d/msg/mozilla.dev.security.policy/Q9whve-HJfM/T6W4i2XHAwAJ
have not been attempting to discuss the substance of the issues, or to
further explore, but instead suggest that it's not appropriate to have this
conversation, or to attempt to restructure the conversation. It seems like
far more productive conversations can be made on the substance, rather than
structure-policing.
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy