Re: [OPSAWG] draft-ietf-opsawg-tacacs-?? overview of significant changes over the last year

[Andrej Ota <andrej@ota.si>]

Hi Alan and everyone in the WG,


Thank you for extending us a helping hand and keeping it extended.


> 
>> A year's worth of changes is a round number and -06 was also the version where we misread Alan's intention and made the mistake of including his text verbatim.
> 
>  The message I sent yesterday said *explicitly* that including the text verbatim was fine, so long as attribution was given.
> 
>  The message from Scott Bradner to the list last year also said this:
> 
> https://www.ietf.org/mail-archive/web/opsawg/current/msg04835.html
> 
>  The issue is *not* including the text verbatim.  The issue is the failure to acknowledge authorship.

On the topic of the current authorship acknowledgment:

We have added the acknowledgment in -08 in section 10 which currently (revision -10) reads:
"The authors would like to thank the following reviewers whose comments and contributions made considerable improvements to the document: Alan DeKok, Alexander Clouter, Chris Janicki, Tom Petch, Robert Drake, among many others.

The authors would particularly like to thank Alan DeKok, who provided significant insights and recommendations on all aspects of the document and the protocol. Alan DeKok has dedicated considerable effort to identify weaknesses and provide remedies to help improve the document."

We tried to capture the full extent of your contributions in the acknowledgment section. If it seems to you that we still missed the mark, give us some more guidance and we'll amend it.

In a separate mail you also noted that the document was out there for a full year without any acknowledgment of your work while that was actually part of the document. I do feel we wronged you by this, but I do not know how can we remedy this for already "archived" publications of the draft.


> 
>  I fail to understand how this point has been misunderstood.


I'm providing an explanation here. Please do not take it as an excuse but rather as what we see to be an honest and certainly not a flattering sequence of our choices. I hope to save others from repeating our mistakes in future.

We (the authors) have made a series of decisions immediately preceding -06 and following -06 which lead to breakdown in communication and generated significant frustration in others. The ones I'm aware of are:
 1) We used the text you suggested verbatim in -06 without adding an attribution at the same time. This was a big negligence on our part. We thought this would show responsiveness by aggregating verbiage of others, but in this we neglected that any significant addition requires and equally significant acknowledgment.
 2) By the time of Scott's mail, we already committed ourselves to do more research into vulnerabilities to expand on what you already provided and for that reason we left the mail unanswered at the time.
 3) The work proved to be more time consuming than we expected and this was reflected in barely keeping up with expiration deadlines. There was only -07 in August and -08, the first version which included an attribution, last February. Almost a full year after -06. I can only imagine how your frustration must have been growing as months were passing while we were completely unresponsive and acknowledgment nowhere to be seen. This was another big negligence on our part.
 6) In the meantime we neglected to update the WG with information on:
   6.a) What work we were doing. This robbed the WG of the chance to set us on a better course of action.
   6.b) What were the intermediate results of the work even if not yet captured in a draft update.
   6.c) Overall progress of the work related to the draft between the sparse updates.

Even for this list I do not claim a perfect hindsight. If I missed more mistakes that we've made along the way, it would be good to repeat what it was even if it's probably frustrating to repeat what was already said or written.

   

> 
>> I do not wish to ignore the metaphorical elephant in the room. However, I wish to split technical and organizational conversations into their separate threads to avoid confusing the two. While I'll be describing changes in the "technical" conversation, I and the rest of the authors will continue listening and responding to Alan's organizational criticism, past and future, in what we believe is the most constructive way: improving in the areas where we were found wanting.
> 
>  The goal *is* to have a specification after all.
> 
>  I am, however, deeply concerned at the miscommunication.  The messages could not have been more clear for the past year, and they are *still* being misunderstood.

I think we've got to the point where acknowledgment is in section 10 since February (added in revision -08, expanded on in -10).

Separate thread of mails is/will_be dealing with the changes to the document. That I think is the first step towards getting us back on track and in line with what is an expected standard of communicating. I think this was a big part of the problem that we caused and you were rightfully pointing it out.

I'm sure there are other ways we can do better and I'm still in the process of canvasing through mailing list archives to find what else I personally missed. But I think the lack of acknowledgment for your work and lack of communication are the top two issues to address ASAP and ones I think we're now visibly addressing.

If I am still missing something, I am at a loss. I honestly *think* that we're now visibly and openly addressing the two major issues we've caused.


Andrej Ota.