[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE ID Syntax vote - Please read



Would re-opening of the identifier discussion delay implementation until 2015? If not, I have some concerns about all implementers being able to implement a choice that upon first use would immediately require some sort of code change for anyone currently implementing a strict interpretation of the current format.

 

If there are entities that feel additional discussion is imperative, I don’t wish to stand in the way, but I would also urge that we not let “the perfect be the enemy of the good”.

 

Regards,

 

-Harold

 

From: owner-cve-editorial-board-list@lists.mitre.org [mailto:owner-cve-editorial-board-list@lists.mitre.org] On Behalf Of Boyle, Stephen V.
Sent: Thursday, May 30, 2013 8:16 PM
To: cve-editorial-board-list
Cc: Boyle, Stephen V.
Subject: CVE ID Syntax vote - Please read

 

As everyone reading this list knows, we recently closed the second voting period for a new CVE ID Syntax. As always, MITRE is committed to the open and transparent conduct of Board activities and we will address at any time questions, concerns, or comments raised by any member of the CVE Editorial Board.

 

However, as we noted in our email of 23 May, there were concerns noted by Board members about the conduct of the discussion and the specification of the length for the fixed-length option. In addition, there was a specific suggestion for a revote with a modified Option A. (See email from Ken Williams to the Editorial Board list of 5/17/2013, 8:24 AM EDT.) Because of the concerns raised and, most importantly, because of the gravity of the CVE ID Syntax change, it is critical to ensure that any questions or concerns raised by, or that otherwise exist in the minds of, Board members be given full voice.

 

At this time, we consider the call for a revote to be a motion to rescind the second round vote.

 

The purpose of rescinding the vote would be so that we can more fully explore the voting options and the concerns of Board members, recognizing that such an action would necessarily reduce the time available for implementers to develop and test software to support a different CVE ID syntax. If the motion to rescind the vote is seconded or otherwise affirmed by any eligible voting member of the CVE Editorial Board (other than Ken Williams, obviously), here is how we propose to proceed.

 

Conduct of a vote to rescind and follow on actions

-----------------------------------------------------------------

- The period in which a second for the motion to rescind will be allowed is from today through Wednesday, June 5th 2013 at 11:59 PM EDT. If no second or other call for a revote is received during that period, the second round vote will be declared valid and we will proceed with the work to implement Option B as the new CVE ID Syntax for 2014.

 

- On receipt of a second to the motion to rescind, the question will be put to a vote by the Editorial Board.

 

- The period for a vote to rescind the second round selection vote will be from Monday, June 10th 2013 at 12:01 AM EDT through Monday, June 17th 2013 at 11:59 PM EDT.

 

- If any Board member so chooses, the period between now and the opening of the possible vote on the motion to rescind can be used for discussion on the Board list.

 

- A vote on the option to rescind the second round vote will explicitly *not* be to choose between options for the new ID Syntax. It will only be a vote on the question of whether or not to rescind the second round vote to allow for more discussion and another vote to select the ID Syntax.

 

- The rules for a vote to rescind would be:

    - Votes from a simple majority of the 23 eligible voting members must be received to consider the vote valid

    - A simple majority of the valid votes cast is required to carry the motion to rescind the second round vote

    - Votes must be received to the Editorial Board mailing list within a specified voting period to be considered valid.

    - The first vote cast by any individual or organization is to be considered the valid vote.

 

- If the vote on the motion to rescind is invalid (e.g., an insufficient number of votes is received during the voting period, formal abstentions, etc.), the motion to rescind will be considered to have failed and we will proceed with the work to implement Option B from the second round vote.

 

- If the vote on the motion to rescind is valid and the motion *does not* carry, then the second round vote will be deemed valid and we will proceed according to the results of that vote.

 

If the vote on the motion to rescind is valid and the motion *does* carry, then we will open a new discussion period, followed by a new voting period, according to the following goals and timetable:

 

- We propose a two-week discussion period to allow all views to be fully discussed and, if necessary, changes to the most-recently proposed ID Syntax choices to be formulated.

 

- We will then call for a "validation" vote in which the Board will confirm or deny the two options to be presented for the selection vote. We feel this is necessary because in both previous rounds of voting on the options, concerns were raised during the voting periods that might have otherwise been expected to surface during the discussion periods. The additional "validation" vote on the specific options will be to guarantee that MITRE has correctly interpreted the consensus wishes of the Board prior to opening the voting period for the selection of the new CVE ID Syntax.

 

- The new discussion period would open Wednesday, June 19th 2013 at 12:01 AM EDT, and close on Wednesday, July 3rd 2013 at 11:59 PM EDT.

 

- The Validation vote would open on Wednesday, July 10th 2013 at 12:01 AM EDT and close on Wednesday, July 24th 2013 at 11:59 PM EDT.

 

- If the validation vote passes, i.e., if the Board affirms the two options to be offered for the selection vote, the selection voting period will open on Monday, July 29th 2013 at 12:01 AM EDT and will close on Monday, August 12th 2013 at 11:59 PM EDT.

 

 

Summary Timetable

--------------------------

- 05/30/13 - Immediately (Thursday) - Period for a possible second to a motion to rescind the second round selection vote opens

- 06/05/13 - 11:59 PM EDT  (Wednesday) - Period for a possible second to the motion to rescind the second round vote closes

 

If a second is made to the motion to rescind:

- 06/10/13 - 12:01 AM EDT (Monday) - Voting on motion to rescind second round vote opens

- 06/17/13 - 11:59 PM EDT (Monday) - Voting on motion to rescind second round vote closes

 

If the motion to rescind the second round vote carries:

- 06/19/13 - 12:01 AM EDT (Wednesday) - Discussion period on CVE ID Syntax options opens

- 07/03/13 - 11:59 PM EDT (Wednesday) - Discussion period on CVE ID Syntax options closes

 

- 07/10/13 - 12:01 AM EDT (Wednesday) - Validation vote on proposed ID Syntax choices opens

- 07/24/13 - 11:59 PM EDT (Wednesday) - Validation vote on proposed ID Syntax choices closes

 

If the validation vote passes, i.e., if the Board affirms the two options to be offered for the selection vote:

- 07/29/13 - 12:01 AM EDT (Monday) - ID Syntax selection voting period opens

- 08/12/13 - 11:59 PM EDT (Monday) - ID Syntax selection voting period closes

 

As of now, the period during which a second or other affirmation of the motion to rescind the second round vote is open.

 

Best Regards,

Steve Boyle

 

 

 


Page Last Updated or Reviewed: October 03, 2014