[trustable-software] Trustable Software next steps
Paul Sherwood
paul.sherwood at codethink.co.uk
Fri Nov 4 11:49:58 UTC 2016
One topic which keeps cropping up in private as we expand on this
discussion is whether we need an industry membership forum or foundation
etc, so I'd like to clarify some things on that in public now.
In my view many previous (and some current) organisations have failed to
move the needle as a result of
- getting their scope wrong
- getting their initial ground-rules wrong
- locking down controlling interests and membership structures too early
- letting the marketing people run the show
Here, I'm hoping to foster a candid community of grown-up engineers and
see how far we can get without falling into the above traps.
However it's clear to me that we need to start getting real work done.
Talk is cheap, as they say :) and since the original call-to-action [1]
there have been many new examples of how broken things are. Just in the
last couple of weeks we've seen Dirty COW [2], DNS takedown [3], a
hospital system shutdown [4]...
So as a heads-up, here's what I (and I'm speaking also on behalf of
Codethink) can commit to:
- we've obtained the trustable.io domain, and will migrate this list
there over the coming weeks
- we'll add a public git-backed wiki for collaborative documentation
- we'll establish that any/all contributions on the wiki are licensed as
CC0 [5]
- we'll publish any/all code we contribute either as copyleft or more
permissively, depending on preferences/needs of applicable communities
- we'll maintain and safeguard the domain and the infrastructure
- we'll transfer the ownership of the above into whatever formal entity
the community discussion leads to, if/when the community becomes
sufficiently active and diverse to give confidence that it can't be
closed or subverted by a controlling interest group
- we'll commit at least two FTE to ongoing contributions into this
initiative
Over the coming months I'll be asking partners, colleagues, customers
and friends to consider how they can best contribute also.
br
Paul
[1]
https://lists.veristac.io/pipermail/trustable-software/2016-July/000000.html
[2]
https://www.theguardian.com/technology/2016/oct/21/dirty-cow-linux-vulnerability-found-after-nine-years
[3] https://dyn.com/blog/dyn-statement-on-10212016-ddos-attack/
[4]
https://krebsonsecurity.com/2016/11/computer-virus-cripples-uk-hospital-system/
[5] https://creativecommons.org/share-your-work/public-domain/cc0/
More information about the trustable-software
mailing list