Re: CD PROPOSAL: INCLUSION - Interim Decision 8/23
I think there are a lot of dangers in adopting a majority vote scheme (versus
consensus or a strong super-majority). Specifically, where it's impossible
to achieve rough consensus on a technical matter, it often means that the
group does not know what a good decision is. Hence it is quite likely to
make a poor one. Time pressure enhances this tendency. Secondly, people in
the losing faction have their feathers ruffled and are inclined to quit,
badmouth the decision, etc.
The "preferred" language isn't reassuring. It goes without saying that it
would be preferred if everyone voted the same. What matters is the actual
principle that will be applied when there's three ACCEPTS, and two REJECTS.
On the other hand, consensus often takes a long time to achieve, and
reasonable timeliness is very important here. It will be interesting to see
if it works.
Are we going to concentrate all these process decisions in a single "bylaws"
document or some such (handily available on the web for when we forget what
we agreed to?)
"Steven M. Christey" wrote:
> Please vote on this pervasive content decision using the space
> provided below.
> Content Decision: INCLUSION (What to include in the CVE)
> (Member may vote ACCEPT, MODIFY, REJECT, or NOOP.)
> A candidate vulnerability may be included in the CVE if all of the
> following conditions hold:
> 1) It satisfies the CVE vulnerability definition
> 2) It does not satisfy any Exception (see other content decisions)
> 3) At least 50% of active voting members vote to ACCEPT or MODIFY the
> 4) At least 2 non-MITRE members from different organizations vote on
> the candidate, preferably 3. If there are more than 5 active voters,
> then 75% of active voters will be preferred.
Stuart Staniford-Chen --- President --- Silicon Defense
(707) 822-4588 (707) 826-7571 (FAX)