Subject: Re: [sarif] Fwd: Re: Public comment mechanism?
At last Friday's editorial meeting, I took an action item to find out how public comments worked, and whether they worked differently for random comments that arrive while we are still working (unrelated to a draft), vs. comments that arrive in response to a Committee Specification Draft.
I asked Chet Ensign about this, and he responded with such a wealth of information that I got his permission to forward his response to you.
---------- Forwarded message ----------
From: Chet Ensign <firstname.lastname@example.org>
To: David Keaton <email@example.com>
Date: Tue, 13 Mar 2018 09:55:38 -0400
Subject: Re: Public comment mechanism?
Good morning David,
This is very interesting! The TAB proposed a similar idea to the Board Process Committee last year. The idea was that a work product could be in an essentially continuous public review that would have to run for a minimum time frame but could keep going on until the TC issued a final call for comments. The committee chose not to take it up at the time. I'd like to see how this works for you. If it goes well, I may take it back to the board as a real-world example.
My take has always been that a TC should treat comments the same whether or not they come during a formal public review. They should be logged, tracked, resolved and reported out in some routine way.
The standard means for collecting comments is the TC's comment email list firstname.lastname@example.org-open.org. Use of that list ensures that commenters have received notification of the IPR commitments they make with respect to their comment.
We envisioned that once TCs started using GitHub, non-TC members would be able to provide feedback there as well, whether by opening issues or by proposed edits / pull requests. A bit more care needs to be taken there, depending on the feedback. If someone, for example, issues a pull request that fixes a bunch of typos, all well and good. The repo has the license and contributing README pages that spell out terms under which contributions to the GitHub are made.
On the other hand, if someone issued a pull request that proposed some more substantive comments, I would suggest being a bit more cautious depending on just how significant it was. Say, for example, someone submits a proposed security model for the TC to consider incorporating. Obviously, you want to be sure that you can incorporate it without any concern about the person later asserting an IP claim and demanding royalties or credits on the spec or any entanglements like that. Were that the case, I would first check to make sure the person had filled out the OASIS CLA form acknowledging that they give us the rights to use their contribution. If they hadn't, I would point them to it and ask that they do that so that the TC can consider and accept the pull request. Or, alternatively, ask them to submit it to the comment list. We can help with the details on those steps if you need them.
So as you can see, the use of comments through the GitHub requires more attention to detail on your part. The flip side, of course, is that it is a more convenient way for people to provide feedback.
Also, in case this is of interest, I note that you are loading the doc files to the repo. If you all are interested, we're working with a couple of TCs to finalize a markdown template for OASIS specs. The idea is that the TCs can use that to produce draft documentation and we will produce the HTML and PDF from it when the time comes. Instead of seeing binary blobs, you can see the content right there.
This give you what you need?
/chet
On Mon, Mar 12, 2018 at 7:34 PM, David Keaton <email@example.com> wrote:
Chet,
Hi. I have a question about public comments. What mechanism will people use to submit public (outside the committee) comments to the SARIF TC?
I'm asking because we are considering two different types of public comments. One type is comments that come in randomly while we are still working (not connected to a draft), and the other is comments that arrive in response to a Committee Specification Draft. Is the same mechanism used for both cases? Since we operate out of a github site, is that part of the process (or could it be if we wanted it to be)?
Right now I'm just gathering information, not making a request for us to use a particular mechanism.