Re: [Eligibility-discuss] Handling the fear of "bogus" recall petitions

[John C Klensin <john-ietf@jck.com>]

--On Friday, 25 October, 2019 10:26 -0500 Pete Resnick
<resnick@episteme.net> wrote:

> I took Adrian's proposal as the latter: SM's document assumes
> (maybe) that 3/5 remote registration is a close enough metric
> for skin in the game, and Eliot's concern was that you could
> end up with people with no actual skin in the game initiating
> the petition. Adrian proposed requiring someone under the
> current rule to be on the petition as a backstop for the new
> metric being misused. I think it's reasonable to ask the
> question: Does using such a backstop allay the concern, or is
> there something more to the issue and we really need a better
> metric? This is not about negotiating some compromise.

Pete,

Although I don't have a strong objection to Adrian's proposal,
nor to suggestions that someone not be considered a "remote
participant" (focusing on the "participant" part) unless they
actually sign into Meetecho for one or more sessions (I've even
suggested that a time or two), let me reinforce Any Malis's
observation.  If what we are worried about is DoS attacks, then
anyone wanting to organize one is going to have to start
planning and organizing bots or sock puppets more than a year in
advance.  If their intent is to attack a particular I* member,
that almost guarantees ineffectualness: they would spend a year
getting organized, and then initiate a process that would have
even someone seated at the beginning of that period in front of
the nomcom for renewal (or not) before they could be removed.
If their intent, instead, is to attack the IETF and its ability
to do work, well, there are much easier ways.

While I do not doubt the sincerity of those who are concerned
about DoS attacks and bogus petitions, analyses like the above
cause me to believe that the concerns are somewhat misplaced.

Several people have suggested that, if we cannot completely
reform the recall model, doing anything with the petition
process is a waste of time and energy.  Much as I would like to
see a complete process overhaul, I disagree with that view too.
The problem of remote participants -- even very active ones, not
being able to initiate recalls to seek to control an abusive or
out-of-control I* member is real, it makes the IETF look bad and
less hospitable to such people, to at least a first order
approximation, we know how to solve it.  A complete overhaul of
the recall process is a more complex matter and we don't have
good solutions to several of the issues including the
observation that, if the recall committee is going to work
largely f2f as the Nomcom does, a 3/5 f2f requirement does not
seem inconsistent with the requirements of the role.  That
doesn't mean we can't do better; if does suggest that insisting
on a complete solution as a condition for doing anything at all
is, whether that is the intention of not (and I assume that it
is not) a fairly good way to be sure that nothing happens at
all, at least in the relatively near future.

(and yes, Mike's suggestion of splitting the Nomcom function
itself into two parts is, to me, fascinating and deserving of
more consideration but it seems to me to be completely
orthogonal to the proposal on the table.)

best,
   john