mimblewimble team mailing list archive

Re: Grin's vulnerability disclosure and security process


Hi Igno,

I’ll preface this with the context that Grin is one of the most admirable crypto projects, and I haven’t contributed anything to date: this is only a suggestion from an enthusiastic observer.

I think the current Code of Conduct embraces a mistaken zeitgeist, specifically sections like:

> And if someone takes issue with something you said or did, resist the urge to be defensive. Just stop doing what it was they complained about and apologize.

This is the right approach to the vast majority of interactions, but codifying this rule explicitly, i.e. that I am responsible for another’s offense, will have a chilling effect on valuable conversations. For example, the Code of Conduct was offensive to Luke. Applying this standard woodenly, we would be required to stop working on it. Maybe if a less prominent contributor had proposed this change, Luke’s offense would have silenced them.

Some principles are better held by individuals than enforced by law and turned into political weapons— I think a much shorter and simpler code of conduct would better serve this project in the long run.

Thanks for your consideration,



> On Sep 12, 2018, at 3:20 AM, Edward Bosher <edbosher@xxxxxxxxx> wrote:
> In the interests of not escalating this further, and as another passerby, I'm willing to stick my neck out and say I don't think the code of conduct will be the doom of Grin.
> I'd even go as far as saying it's a positive thing. Good work Igno!
>> On Wed, Sep 12, 2018 at 6:07 PM Luke Kenneth Casson Leighton <lkcl@xxxxxxxx> wrote:
>> On Wed, Sep 12, 2018 at 4:18 AM, Ignotus Peverell
>> <igno.peverell@xxxxxxxxxxxxxx> wrote:
>> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
>> > On Tuesday, 11 September 2018 09:19, Luke Kenneth Casson
>> > Leighton <lkcl@xxxxxxxx> wrote:
>> >
>> > <snipped>
>> >
>> >> ah. i had not realised that the project has adopted one of these
>> >> extremely dangerous and toxic documents.
>> >
>> > It's been around for almost a year, it's in the nature of the project already. All committers and contributors seem happy about it, pretty sure no one is absolutely terrorised. If you participated more, you'd see that we've been thoughtful in applying it. It's also mostly inspired by the Rust project, which has been doing fairly well. And we all know FreeBSD has had its issues, even well before any policy adoption.
>> >
>> >> however... if i do not hear from you within a week, or if you, the
>> >> developers, have no intention of replacing that extremely dangerous
>> >> document with an alternative, then i will require that you remove me
>> >> from this mailing list, and i will be recommending to the people that
>> >> i am in discussions with that this project be blacklisted from
>> >> consideration. it's that serious.
>> >
>> > As far as toxicity is concerned, vociferous ultimatums from passersby rate quite a bit higher than codes of conduct in my book. So here, I'll help you, the unsubscribe button can be found right under the "Mailing List" section:
>>  ok, so you didn't listen, in other words you are unaware of the
>> procedures here:
>>  http://www.crnhq.org/content.aspx?file=66138|37449y#Empathy
>>  which is actually a much more important indication of the fact that
>> this project is extremely likely to fail than the issue of having a
>> dangerously toxic document as the fundamental core basis of guiding
>> community interaction.
>>  in replying as you did, you also violated one of the key systemic
>> laws of organisations, "all contributors and all contributions are
>> valuable".
>>  you also failed to understand that it is often only through external
>> help and insights that groups can be alerted to the existence of a
>> problem.
>>  i am not giving you these insights for *your* benefit - i am
>> providing them so that the public records show that you were given
>> advice, and you failed to listen to it.
>>  for the benefit of external people reading the mailing list archives:
>> unless there is a change in how the project is managed and run, from
>> prior experience i anticipate it will fail some time within the next
>> 6-18 months.
>> l.
>> -- 
>> Mailing list: https://launchpad.net/~mimblewimble
>> Post to     : mimblewimble@xxxxxxxxxxxxxxxxxxx
>> Unsubscribe : https://launchpad.net/~mimblewimble
>> More help   : https://help.launchpad.net/ListHelp
