IETF Logo Mail Archive

Re: [Ietf-and-github] Mail regarding draft-ietf-git-github-wg-configuration, section 3.1 (Contributions)

Stephan Wenger <stewe@stewe.org> Tue, 05 March 2019 18:09 UTC

Return-Path: <stewe@stewe.org>
X-Original-To: ietf-and-github@ietfa.amsl.com
Delivered-To: ietf-and-github@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 196111295EC for <ietf-and-github@ietfa.amsl.com>; Tue, 5 Mar 2019 10:09:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=steweorg.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ALogg_ls6QTK for <ietf-and-github@ietfa.amsl.com>; Tue, 5 Mar 2019 10:08:57 -0800 (PST)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-eopbgr790097.outbound.protection.outlook.com [40.107.79.97]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DBF1F128B36 for <ietf-and-github@ietf.org>; Tue, 5 Mar 2019 10:08:56 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=steweorg.onmicrosoft.com; s=selector1-stewe-org; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=isD5ZFcaAll6aG/GEb4Cqlx6ugmREJR6RpQg+A7yUfc=; b=i2HuI5+pqmFjhFS63ZLE36JO6t2HE7NEZ+dw4m8Ucgbny1tR+miYDUFKkCtGL7dstcYU6DwafzqKTRpPXM96CNpHTihn0hkl1LpKBWVumW+kBPuLD4gZ6YZzy/pxfefKChYBTp1CHAaGJ/UG49+smk+hEsrrABCBm6ZJZq6iPEk=
Received: from MWHPR17MB1503.namprd17.prod.outlook.com (10.173.241.21) by MWHPR17MB1997.namprd17.prod.outlook.com (10.173.100.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1665.15; Tue, 5 Mar 2019 18:08:53 +0000
Received: from MWHPR17MB1503.namprd17.prod.outlook.com ([fe80::20e7:159:4ecb:8902]) by MWHPR17MB1503.namprd17.prod.outlook.com ([fe80::20e7:159:4ecb:8902%8]) with mapi id 15.20.1665.020; Tue, 5 Mar 2019 18:08:53 +0000
From: Stephan Wenger <stewe@stewe.org>
To: Martin Thomson <mt@lowentropy.net>, "ietf-and-github@ietf.org" <ietf-and-github@ietf.org>
Thread-Topic: [Ietf-and-github] Mail regarding draft-ietf-git-github-wg-configuration, section 3.1 (Contributions)
Thread-Index: AQHU0q31GSCBfQHOk0eFxLB9oe6tbqX8VM+A//9+LQCAAX3OAP//gLmA
Date: Tue, 05 Mar 2019 18:08:53 +0000
Message-ID: <75E45066-B654-4334-BD02-690404C73BF6@stewe.org>
References: <C29868B2-6489-4D3C-A57F-4A6A52CA72B3@contoso.com> <c99214a2-40ee-41dd-a4dc-e361d56771cd@www.fastmail.com> <4D3661B2-5083-48F5-8D52-079E90ED9C0D@stewe.org> <12778523-2a7f-492c-bb2c-9e234980594d@www.fastmail.com>
In-Reply-To: <12778523-2a7f-492c-bb2c-9e234980594d@www.fastmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=stewe@stewe.org;
x-originating-ip: [66.201.43.226]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a9d188a6-2add-4b8c-0d1a-08d6a195a0a7
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(7021145)(8989299)(4534185)(7022145)(4603075)(4627221)(201702281549075)(8990200)(7048125)(7024125)(7027125)(7023125)(5600127)(711020)(4605104)(2017052603328)(7153060)(7193020); SRVR:MWHPR17MB1997;
x-ms-traffictypediagnostic: MWHPR17MB1997:
x-microsoft-antispam-prvs: <MWHPR17MB1997C854967C649428510D6FAE720@MWHPR17MB1997.namprd17.prod.outlook.com>
x-forefront-prvs: 0967749BC1
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(136003)(366004)(346002)(396003)(39830400003)(376002)(189003)(199004)(2616005)(97736004)(6486002)(36756003)(6436002)(14454004)(6512007)(86362001)(229853002)(68736007)(25786009)(508600001)(53936002)(3846002)(6116002)(2906002)(2501003)(82746002)(5660300002)(14444005)(5024004)(105586002)(33656002)(66066001)(6506007)(102836004)(76176011)(99286004)(6246003)(26005)(256004)(186003)(316002)(66574012)(110136005)(305945005)(93886005)(7736002)(106356001)(81156014)(8676002)(81166006)(83716004)(11346002)(71200400001)(486006)(71190400001)(8936002)(446003)(476003); DIR:OUT; SFP:1102; SCL:1; SRVR:MWHPR17MB1997; H:MWHPR17MB1503.namprd17.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:0;
received-spf: None (protection.outlook.com: stewe.org does not designate permitted sender hosts)
x-microsoft-exchange-diagnostics: 1;MWHPR17MB1997;23:ys16w4O659NIaZeWe2fV7SRSpFpFKsRm7v241yVTuZnV6WVWyY56czp7xlmi75OaA8gI0Y/EdjDkT7vG7qoD/YXP8EmbUG42AjQ7wN00qyLzRg+wG20q+/03uxD2FVe+cTKNfsa41QpNR+DzMPsQ8Ry6SANl17yVeZ4JRHmw8Zc7mERJ/JMQ4t+oP2Iw0OFLjCSdbwIjT9YCmGzJUXpxLJCaconr+1VLc5IQ9W0YkQd+8M1jGVMiVmEURZMB5N9djYh94tnoMMSAqPy5e6A+uCIkGgpfPMi1UQRXgRTFATk9TkwjNc4X2co6be0bKucm6DGgIA3z4x+5Eyw62Nwc3d7DhajLTs9PwmAB9GtH6+c3ksV3PybWFz82cGfbtT+2KxbwEW0CEaaSUYlUGbcil/ppwiEB49fiY77NyYKuIzNIJFq5P03WCqCJRQ4XSl9dWopbdJyGRCyoGajl/5g8VXzxiMsAl5zbLhyz6xA/QgKeTFJwVwSnyDmMI99vHNL5Pre77xHC8nsMwXZ+kjQhtrJmY1TeorD2VAgxbbDKBGgM1XQV1gwlRhqcZkwZkiEh/RDMyYvHwI6ADuQpc137gpenVKssf5EQQWPTBpOkf7gZ4aPvTVCapDPAjJsE/8IWHGSgt/P6ILIpZr3uyGTcSjTwafVsJjoJ+q8DXaqBm9bZYbQ7eG/AV5JMpE/812BdXnmXGZVZ49H3+GL1LCKBVg7JGxP1Xs/X6UnX7tlXiZ5twvVOjq34QkH8Er4XpGs3y6a1sz+1MRKV0KolK0cwcGtpjn3vxzL8Hbn2/IOXjskcKmAJuOUG+Y8fzx4Ev5ActKQab5zoW1rgbU2ezUa4zmr0RuIOHvICy5P0PCYrRZz15mXKkMJYJTMzeqisn8iNW1kGJ6dosbdjHULtKg1UY/G0VDbhm718+3deMbYqwJgwbIVK4J/4kHMey1CsyEH3a4De5sYDYMOASN811mVUQxHxnltIMow0qBjXT0kaXKghgCAc9r2KMyLY4JKJvKDgXAxHk37UAkF/PtBGjiY4zavqQedqtGk1bGtWUSBd4/lwJSB01ZVv6NNFydRm5LFRw2NaOwZrzAUyPb51g/UKuRyEiTT5jJBYS2yN/xAvpfmafRy7yDbii8XYSK0672u+Ta9Q2mGA0VOZBRRJyWU3SGiVHEVhe1F9Lj312iFJx/2oLyNtJOmavFTTACZiVK9VoK6Merl/tMtda12VAkrj+yW5LfeVl/9CCiuKb/jczjPTL2wAKbBxhIwoa3urhBu5IVFvGYquoH5rUUBNMIlx9Q==
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: ScGK9ycDvXJmh+XJ/ssOmjXXJPWU7qClQ8mti8/nvkiYy6gGgABhiabJslJWQx/6i0GtP8ksda9aMRUcihj5Bpdxe294zBdJDi2dSbZV/O+apfI33siXAp6IecIefcjgczCLyVLvQMCSaunbZ0B6IhmVsGvyLJiLgMx0oB4LZF1eOEB8jTY5AVIr4unklwbp26yKxmHlNc5g2zf5vLeAQx4ANkacMr2Lrc4MU2ZnCHih/I++LpeQO397Kg8y13KycJi0PlP2GYsZbQcR/Dzx/XLmVtUUP9nsatH8lWMz1DMbC2y2xsNNmOh5KBmIkmL+/6gv39lOTXR9DsnHiNHQJcR4gGCArRON+LOskgRh2E5cqMgxPwIzaffPLf4+fz0zyU3J0FCNpWvdXWq8/FuTnRjjKtX7lMz28DZH19Af3wE=
Content-Type: text/plain; charset="utf-8"
Content-ID: <E67B44A3942E1A4ABFD82F51F5570221@namprd17.prod.outlook.com>
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: stewe.org
X-MS-Exchange-CrossTenant-Network-Message-Id: a9d188a6-2add-4b8c-0d1a-08d6a195a0a7
X-MS-Exchange-CrossTenant-originalarrivaltime: 05 Mar 2019 18:08:53.5303 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 865fc51c-5fae-4322-98ef-0121a85df0b6
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR17MB1997
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-and-github/ZhMCHXuGxH6bICjtz1L8rM26re4>
Subject: Re: [Ietf-and-github] Mail regarding draft-ietf-git-github-wg-configuration, section 3.1 (Contributions)
X-BeenThere: ietf-and-github@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of using GitHub in IETF activities, particularly for Working Groups" <ietf-and-github.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-and-github>, <mailto:ietf-and-github-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-and-github/>
List-Post: <mailto:ietf-and-github@ietf.org>
List-Help: <mailto:ietf-and-github-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-and-github>, <mailto:ietf-and-github-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 18:09:01 -0000


On 3/5/19, 09:44, "Martin Thomson" <mt@lowentropy.net> wrote:

    > StW: Yes, this seems adequate.  However, I thought the subject draft is 
    > guidance for WGs setting up their own GitHub projects.  Nowhere it is 
    > mandated that they use the IETF "tree" or whatever that thing may be 
    > called.  In theory, I could set up my own GitHub repository under my 
    > own name, not using your excellent infrastructure, no Note Well, no 
    > nothing, and invite the working group to contribute.  Then all kinds of 
    > random people (including potentially malicious ones) could 
    > theoretically make Contributions in the BCP79 sense arguably without 
    > being bound by BCP79.  So I guess there should be a word of warning in 
    > this draft--using the Martin Thomson-style infrastructure and the IETF 
    > tree (or whatever that thing is called), or otherwise be very careful 
    > to implement your own mechanisms to ensure that all Contributions are 
    > made in accordance with BCP79 and the Note Well.
    
    This is certainly a risk we bear, but not one that we avoid by writing things down in documents (which seems to be our only real tool, other than filling inboxes and mail archives with words, that is).  People will make venues that accept contributions and fail to create the proper notices.  That is what tends to happen already.  For instance, not to pick on anyone in particular, but I see plenty of personal repositories with drafts sitting in them that accept issues and pull requests but don't have any notices attached.
    
StW: Reading this, I grow really worried.  Are we potentially giving up a, so far, reasonably solid, and reasonably well working (compared to certain other SDOs I could name) IPR regime for the mere expediency developing specs?  Specs, that may potentially become unusable due to IPR problems that were made possible by perhaps somewhat naïve facilitators?
It may be out of scope of the WG as chartered, but it sounds to me that a somewhat heavier hand may be required.

    The best we can do is write down what should happen and smooth the path for the good stuff as much as possible.  My view is that the draft we're discussing does pretty much what it needs to do (or at least can do) in this regard.

StW: within the scope of the WG and the draft in question, I believe, as a minimum we could and should add large warning signs making readers aware of possible IPR related pitfalls of using anything beyond IETF-hosted mailing lists and I-D submissions for the deliberation of documents.  And point them to appropriate toolchainss, like yours.  For example (and this needs to be wordsmithed for sure):

"The IETF requires in certain cases the disclosure of IP inserted in into Internet Drafts through Contributions; see BCP79.  If a WG using GitHub does not ensure, through technical means, that contributing through GitHub mechanisms falls under the BCP79 definition of Contributions and that contributors through GitHub are aware that they contribute under BCP79, the resulting RFC may run a considerably higher risk of not being deployable through IP encumbrance not known to the WG.  Martin/the IETF/the tools team/whoever provides a handy set of mechanisms for GitHub that to a large extent alleviates that risk--go <here> to download it.  We suggest to use it, or use something else that has the same effect. "

v2.23.0 | Report a Bug | By Email