|
|
|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [CVEPRI] Content Decision Adoption Process
All: As mentioned in the past, a large number of candidates are being held back by content decisions that have not been fully discussed by the Editorial Board. There are over 40 content decisions at this time. Many content decisions (CD's) were proposed in summer 1999, but only a few of them received sufficient review by the Editorial Board, as this took place just before CVE was publicly released. Additional discussions took place at the AXENT meeting in March 2000. As of this posting, almost 300 active candidates are affected by unresolved content decisions. That's almost half of all active candidates. 50 candidates are documented in security advisories from trusted organizations. 70 could be ACCEPTed right now if they were not being held back by unresolved CD's, and another 100 are one more vote away. Of the most concern, however, is the fact that 170 of those candidates have been active since before September 1999. Almost 60 of them will turn a year old in June! Unresolved content decisions are a critical bottleneck at this time, since they are holding back important candidates for serious problems that should be official entries by now. Past experience indicates that some of these CD's could be debated for months, leaving candidates languishing in the process. On the other hand, I believe it is important that the Editorial Board at least review these issues so that the finalized content decisions are well thought out and consistent. With this in mind, I propose the following approach: 1) Several content decisions will be proposed to the Board per week, with the most critical ones first. The [CD] tag will be used in the Subject lines. Specific examples will be provided. Affected candidates will be labeled in the voting record so that non-Board members can see why some year-old candidates are languishing. The new Board voting site, when published, will list the associated CD's with the candidate. CD's are already listed in vote summaries. 2) The Board will be given 1 month to review and discuss the CD's. This reduces the chance that vacations or deadlines prevent a Board member from reviewing the CD, but it also allows us to finalize them quickly and allow the associated candidates to move into Interim and Final Decisions. 3) CD's will be modified appropriately as the Board reaches consensus. Dissenting opinions will also be recorded. 4) After one month, MITRE will hold a vote to adopt the CD. The voting period will last 2 week. MITRE will then use the vote to guide its Final Decision (it is expected that very few CD's will receive unanimous approval). A minimum of 5 votes will be required, and the majority of those votes will be deemed sufficient for adoption of the CD. The completed CD will be published on the CVE web site so that interested individuals can obtain this information. Dissenting opinions will also be included. 5) Affected candidates will be "released" and processed according to normal voting rules. The first set of content decisions will be proposed next week. Feedback on this process is welcome. - Steve
|
||||
