← Back to team overview

mimblewimble team mailing list archive

Re: Grin's vulnerability disclosure and security process

 

I appreciate the suggestion to back up my critique with code, so here's a pull
request <https://github.com/mimblewimble/grin/pull/1523> as an example. My
goal was preserving the primary rules from the existing code of conduct but
eliminating some of the details that would fluctuate quickly with zeitgeist.

Chris

On Wed, Sep 12, 2018 at 9:09 AM Your Own Crypto <roll@xxxxxxxxxxxxxx> wrote:

> It's an open source project, send a PR
> https://github.com/mimblewimble/grin/blob/master/CODE_OF_CONDUCT.md
> <https://github.com/mimblewimble/grin/blob/master/CODE_OF_CONDUCT.md>
>
> Sent from ProtonMail Mobile
>
>
> On Wed, Sep 12, 2018 at 17:59, Luke Kenneth Casson Leighton <lkcl@xxxxxxxx>
> wrote:
>
> ---
> crowd-funded eco-conscious hardware: https://www.crowdsupply.com/eoma68
>
>
> On Wed, Sep 12, 2018 at 4:23 PM, <chris@xxxxxxxxxxxx> wrote:
> > Hi Igno,
> >
> > I’ll preface this with the context that Grin is one of the most
> admirable
> > crypto projects, and I haven’t contributed anything to date: this is
> only a
> > suggestion from an enthusiastic observer.
> >
> > I think the current Code of Conduct embraces a mistaken zeitgeist,
> > specifically sections like:
> >
> > And if someone takes issue with something you said or did, resist the
> urge
> > to be defensive. Just stop doing what it was they complained about and
> > apologize.
> >
> >
> > This is the right approach to the vast majority of interactions, but
> > codifying this rule explicitly, i.e. that I am responsible for another’s
> > offense, will have a chilling effect on valuable conversations. For
> example,
> > the Code of Conduct was offensive to Luke. Applying this standard
> woodenly,
> > we would be required to stop working on it. Maybe if a less prominent
> > contributor had proposed this change, Luke’s offense would have silenced
> > them.
> >
> > Some principles are better held by individuals than enforced by law and
> > turned into political weapons— I think a much shorter and simpler code
> of
> > conduct would better serve this project in the long run.
>
> here's the thing, chris: ignatius has already spoken.... for all of
> you. he's clearly stated, "everyone is happy, has always been
> happy".... so now if anyone says otherwise, it creates a serious
> problem of confidence in the project.
>
> i've been at this a long time, and i have to say that i've not really
> encountered quite so many systemic and ethical violations in one
> "simple" reply, which is why i was able to conclude, even from just
> this one reply of ignatius', that the project has about 6-18 months
> left before other people start to notice what is clearly apparent to
> someone with my experience in dealing with open source software.
>
> nobody has to like that: i'm just the messenger, you understand?
>
> l.
>
> --
> Mailing list: https://launchpad.net/~mimblewimble
> Post to : mimblewimble@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~mimblewimble
> More help : https://help.launchpad.net/ListHelp
>
>

Follow ups

References