← Back to team overview

mimblewimble team mailing list archive

Re: Grin's vulnerability disclosure and security process


On Wed, Sep 12, 2018 at 4:18 AM, Ignotus Peverell
<igno.peverell@xxxxxxxxxxxxxx> wrote:
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Tuesday, 11 September 2018 09:19, Luke Kenneth Casson
> Leighton <lkcl@xxxxxxxx> wrote:
> <snipped>
>> ah. i had not realised that the project has adopted one of this
>> extremely dangerous and toxic documents.
> It's been around for almost a year, it's in the nature of the project already. All committers and contributors seem happy about it, pretty sure no one is absolutely terrorised. If you participated more, you'd see that we've been thoughtful in applying it. It's also mostly inspired from the Rust project, which has been doing fairly well. And we all know FreeBSD has had its issues, even well before any policy adoption.
>> however... if i do not hear from you within a week, or if you, the
>> developers, have no intention of replacing that extremely dangerous
>> document with an alternative, then i will require that you remove me
>> from this mailing list, and i will be recommending to the people that
>> i am in discussions with that this project be blacklisted from
>> consideration. it's that serious.
> As far as toxicity is concerned, vociferous ultimatums from passerbys rate quite a bit higher than code of conducts in my book. So here, I'll help you, the unsubscribe button can be found right under the "Mailing List" section:

 ok, so you didn't listen, in other words you are unaware of the
procedures here:

 which is actually a much more important indication of the fact that
this project is extremely likely to fail than the issue of having a
dangerously toxic document as the fundamental core basis of guiding
community interaction.

 in replying as you did, you also violated one of the key systemic
laws of organisations, "all contributor and all contributions are

 you also failed to understand that it is often only through external
help and insights that groups can be alerted to the existence of a

 i am not giving you these insights for *your* benefit - i am
providing them so that the public records show that you were given
advice, and you failed to listen to it.

 for the benefit of external people reading the mailing list archives:
unless there is a change in how the project is managed and run, from
prior experience i anticipate it will fail some time within the next
6-18 months.


Follow ups