[Python-Dev] security SIG? (was: Discussion overload)
brett at python.org
Sat Jun 18 14:10:29 EDT 2016
On Sat, 18 Jun 2016 at 07:30 Cory Benfield <cory at lukasa.co.uk> wrote:
> > On 18 Jun 2016, at 04:06, Brett Cannon <brett at python.org> wrote:
> > Do we need a security SIG? E.g. would people like Christian and Cory
> like to have a separate place to talk about the ssl stuff brought up at the
> language summit?
> Honestly, I’m not sure what we would gain.
> Unless that SIG is empowered to take action, all it will be is a factory
> for generating arguments like this one. It will inevitably be either a
> toxic environment in itself, or a source of toxic threads on python-dev as
> the security SIG brings new threads like this one to the table.
> It should be noted that of the three developers that originally stepped
> forward on the security side of things here (myself, Donald, and
> Christian), only I am left subscribed to python-dev and nosy’d on the
> relevant issues. Put another way: each time we do this, several people on
> the security side burn themselves out in the thread and walk away (it’s
> possible that those on the other side of the threads do too, I just don’t
> know those people so well). It’s hard to get enthusiastic about signing
> people up for that. =)
And this is the problem I'm trying to solve. As various people have pointed
out, the conversation was pretty much cordial, but it did end up feeling
like "you're not listening to me" on both sides on top of the volume, which
is what I think burned people out on this thread.
I think Nick brought up the point that we as a group need to come up with
some guideline that we more-or-less stick with to help guide this kind of
discussion or else we are going to burn out regularly any time security
comes up; we can't keep holding security discussions like this or else
we're going to end up in a bad place when everyone burns out and stops
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-Dev