改变CVE程序re:董事会邮件列表和电话

换了个话题,让这个话题更容易跟踪。
    虽然它看起来像回答提出的变化是可以接受的
    到目前为止,我想指出,提醒董事会所说的列表
    像就表现而言。
——不是曾经有过董事会出勤,最低的50% ~ 18%,10日电话(50%)、斜方员工超过董事会成员
    我把这个重申,尽管电话当然是有用的
    指出的那样,他们不代表多数的董事会。这样的变化
    CVE政策真的需要带额外的讨论列表
    (之前和/或之后调用)以及潜在的投票问题
    如果有冲突的观点。
    不管什么决定,任何政策改变了列表或电话
    必须发布列表,在自己的新线程,一个明确的主题。
    这使得外部各方更容易找到给定的政策变化,
    因为我们的决定可能影响区域和行业。

布莱恩(我粗略的计算表。有些人有点像我没有时间去遍历列表档案时看到有人加入董事会通过archive.org和看到的列表。但这些近似数字服务目的。)https://docs.google.com/spreadsheets/d/1NX16D5yyATBo-NbeO6bUGhllg7GLayglBFtdUc47lXM/edit?usp=sharing- - - - - - - - - - - - - - - - - - - - - -转发消息:“棺材,克里斯”< ccoffin@mitre.org > X-Originating-IP: [192.160.51.88]:“Landfield,肯特”< Kent_Landfield@McAfee.com >,“Waltermire David a .(美联储)”, "pmeunier@cerias.purdue.edu"  Cc: Carsten Eiram , cve-editorial-board-list  Date: Fri, 7 Jul 2017 21:16:18 +0000 Subject: RE: Current standards/criteria for 'Undefined Behavior' Kent, I think this sounds like a very reasonable approach and would be onboard with making this change moving forward. I believe this approach also aligns with what Dave had proposed, thought you have given it a few more specifics. Proposed process: - Board minutes email contains a list of decisions made within the body of the message - Each decision includes a brief background statement and additional details where needed - Board members have two weeks to raise objections to the decision (this would also include those in attendance who might later change their mind) - If agreement cannot be reached on the list within the allotted discussion time period, we discuss and make a final decision in the following Board call taking into account new feedback or comments Does this work for everyone? Chris -----Original Message----- From: Landfield, Kent [mailto: Kent_Landfield@McAfee.com发送:星期五,2017年7月7日几点:Waltermire, David a .(美联储)< david.waltermire@nist.gov >;pmeunier@cerias.purdue.edu;棺材,克里斯< ccoffin@mitre.org > Cc: Carsten Eiram < che@riskbasedsecurity.com >;cve-editorial-board-list < cve-editorial-board-list@lists.mitre.org >主题:Re:当前标准/标准“未定义行为”作为我们成为更多的国际多样化的群体,重要的是所有参与决策。我同意董事会是有用的呼吁加速决策基于反复对话但这是不公平的,可以吗?t参与由于时区,旅行或真正的日常工作。我们已经同意作为董事会,工作组的决定需要放在董事会名单的建议。然后董事会有一个指定的时间不同意这些建议。如果没有分歧时间到期时,建议批准。也许我们可以考虑这种方法对董事会决策。电话分钟可能部分专门列出了决定同意与一些背景决定的电话。 The minutes would be posted with the decisions section copied and included in the body of the Board Minutes message in addition to the attached minutes file. The Board members then have a week (or some specified time) to disagree and initiate a conversation. Any decisions not addressed are blessed with the ?silence begets acceptance? approach. We should be addressing the decisions that Board members have an issue with or need clarification on, not the ones we agree on. -- Kent Landfield 817-637-8026 kent_landfield@mcafee.com On 7/7/17, 2:55 PM, "owner-cve-editorial-board-list@lists.mitre.org on behalf of Waltermire, David A. (Fed)"  wrote: Who is responsible for deciding how big/risky or small/minor a given issue is? I wouldn't want that job. The problem is those present on the board call might think an issue is "small" and inconsequential. Those that might find a big problem in a small thing might not be present on a given call to raise such a concern. This is where there is value in sending a short email to the list to keep everyone looped in. We have had some examples of this in the past with changes to CVE status, impacts on downstream consumers, etc. Regards, Dave > -----Original Message----- > From: Pascal Meunier [mailto: pmeunier@cerias.purdue.edu]>发送:星期五,07年7月下午3 2017年46 >:棺材里,克里斯< ccoffin@mitre.org >;Waltermire David a .(美联储)> < david.waltermire@nist.gov > > Cc: Carsten Eiram < che@riskbasedsecurity.com >;cve-editorial-board-list > < cve-editorial-board-list@LISTS.MITRE。ORG > >主题:Re:当前标准/标准“未定义行为”> >在星期五,在18:49 2017-07-07 + 0000,棺材,克里斯写道:> >在这个路线的一个担忧是,我们从来没有真正让> >任何决定在董事会电话和他们可以> >的价值大大降低。> >我理解和赞同开车去把事情做好,决定。> >另一方面,对于一些决定,更多的时间把事情想清楚>和利用整个董事会的输入将是明智的。>董事会调用是完美的地方决策过于轻微,或与>董事会的利益无关,整个董事会的参与,为了效率的>。我认为这是一个主观判断来决定谁可以做决定>调用。然而,CVE分配政策决定整个>感兴趣的。我的观点是,分裂的区别在中间,和>标记邮件列表讨论某些类别的决定,可能>接近最优。 > > Pascal