Hi Everyone/Niels,
Forgive me for asking...
Does Nettle have backup maintainers? If so, can you name them and provide their public keys in case something happens to Niels.
Sweden has been criticized for its handling of the coronavirus. The country seems to be engaging in relatively risky behavior. [1]
[1] https://time.com/5817412/sweden-coronavirus/
Jeff
Jeffrey Walton noloader@gmail.com writes:
Does Nettle have backup maintainers? If so, can you name them and provide their public keys in case something happens to Niels.
I don't think the current situation warrants other preparations than the everyday risks of accidents and sudden illness. And I'm not aware of any practical preparations.
Sweden has been criticized for its handling of the coronavirus.
I'm aware that there's some debate, but I'm not really following that politics. In case the list is curious, I can describe what it's like from my perspective.
I live in the Stockholm region (roughly 2 million people). Current numbers are 210 confirmed infections (cumulative) per 100 000 inhabitants, which is third highest in the country. Last week roughly 200 new cases per day in the region, and there's some hope we're past the peak of that curve, but still unclear. 400 people (cumulative) in intensive care, 700 dead (still numbers for the region, for all of Sweden, 950 intensive care cases, 1200 dead). Official numbers here: https://experience.arcgis.com/experience/09f821667ce64bf7be6f9f87457ed9aa.
I've been working from home since March 11, when google started to generally close down the European offices. My partner has been working from home almost as long; we now have one living room office and one bedroom office. I haven't been to the city center since then, but I've been told that traffic is like a Sunday morning all week. We've cancelled all our planned travel. We still have local errands, maybe twice a week. Both grocery store and hardware store are within walking distance.
Kids go to school, and can also go to other activities and visit their friends. Child care and schools up to roughly grade 6 are generally open, but with fewer staff and children since anyone with the slightest symptoms is asked to stay home. Shops are open, but calmer than usual. Most nearby restaurants are open, but have appeared mostly empty when I've walked past. My guess is that they're having a hard time and trying to survive on take-away.
I take a walk outdoor almost every day, I think that's quite important for both physical and mental health. It's spring, and a lot of people walking or running outdoors, in particular on the paths close to the water. The outdoor café by the water has been somewhat busy, but not overly crowded.
Regards, /Niels
On Thu, Apr 16, 2020 at 3:34 AM Niels Möller nisse@lysator.liu.se wrote:
Jeffrey Walton noloader@gmail.com writes:
Does Nettle have backup maintainers? If so, can you name them and provide their public keys in case something happens to Niels.
I don't think the current situation warrants other preparations than the everyday risks of accidents and sudden illness. And I'm not aware of any practical preparations.
I think that's a very bad idea. It is certainly not a good risk based approach.
Consider, companies have Disaster Recovery and Business Continuity programs that plan for events with probabilities 1/11M (airplane crash) or 1/500,000 (bus crash).
You're claiming DR/BC is not needed for an event with a probability of 1/14 (death in Sweden) or 1/24 (death in US). Those probability are better odds then some games at a casino.
Jeff
On 16.04.20 09:58, Jeffrey Walton wrote:
On Thu, Apr 16, 2020 at 3:34 AM Niels Möller nisse@lysator.liu.se wrote:
Jeffrey Walton noloader@gmail.com writes:
Does Nettle have backup maintainers? If so, can you name them and provide their public keys in case something happens to Niels.
I don't think the current situation warrants other preparations than the everyday risks of accidents and sudden illness. And I'm not aware of any practical preparations.
I think that's a very bad idea. It is certainly not a good risk based approach.
Consider, companies have Disaster Recovery and Business Continuity programs that plan for events with probabilities 1/11M (airplane crash) or 1/500,000 (bus crash).
You're claiming DR/BC is not needed for an event with a probability of 1/14 (death in Sweden) or 1/24 (death in US). Those probability are better odds then some games at a casino.
Jeff,
if I get you correctly, you are concerned about what happens to the project in case Niels stops maintaining it, be it on purpose or accidentally.
The answer is the same as for many projects with just one driver/maintainer - *anybody* is able to jump in and take over by forking the git repository.
If Niels has resources (docs, web pages, etc) outside a public place, he could consider putting those into a public repository as well (his personal choice).
That is one of the *huge* advantages of open source in comparison to closed source (e.g. companies that you cite).
@Niels Thanks for giving insight to your living with the current situation. Sounds like pretty much the same as here in northern Germany.
Wishing the best for everybody !
Regards, Tim
On Thu, Apr 16, 2020 at 12:44 AM Jeffrey Walton noloader@gmail.com wrote:
Sweden has been criticized for its handling of the coronavirus. The country seems to be engaging in relatively risky behavior. [1]
It is a way too early to make any conclusion. There is no winner strategy here. Basically Finland where I live uses "slow it down" approach. Sweden uses a bit more relaxed approach. Spain and Italy uses "slow it down" approach too with severe limitations. While Sweden has a more relaxed way they do much better than Italy or Spain (perhaps because cultural difference). While their current numbers look worse than here in Finland, the numbers might get closer with time. What I see is that Sweden's strategy has gotten closer to Finland's, and vice-versa. Then there are countries like South Korea that use surveillance, tracing, and strict guarantines. The South Korea's strategy may also end up bad as they basically rely on vaccination that may or may not happen or takes very long as with that they might not gain herd immunity (if that is possible to gain). There are other factors too, Sweden might end up a bit more deaths than Finland (per million), but Finland may endup with a more severe economic disaster. Or we may endup with same number of deaths, but here in Finland it just takes longer (and perhaps health care it not that overloaded). Recent numbers from Sweden already show declining rate of new infections. So perhaps their strategy can work. But as said, too early to make any conclusion about it.
I agree with Tim. If project is of any importance, as I think Nettle is, there is no problem in finding a new maintainer in case it is needed.
Regards Aapo
On Thu, Apr 16, 2020 at 12:50 PM Aapo Talvensaari aapo.talvensaari@gmail.com wrote:
On Thu, Apr 16, 2020 at 12:44 AM Jeffrey Walton noloader@gmail.com wrote:
...
I agree with Tim. If project is of any importance, as I think Nettle is, there is no problem in finding a new maintainer in case it is needed.
If Niels dies then here is what happens (sorry Niels)...
Nettle at Lysator becomes stale over time and bugs won't get fixed because no one has access to the sources. Most users will continue to use Lysator because that is what search engines return.
I'll fork and fix OS X. Some users will use my fork.
Tim will fork and add curve448 stuff. Some users will use Tim's fork.
Now you have three different forks and the only official source is proverbially dead. Forking has turned the Maven [in]security problem into hundreds of additional problems.
The loader is brain dead and can't figure out which library a program compiled/linked against. The shared objects are not interchangeable so users get enjoy a DoS.
Planning to avoid problems like these are usually outside of a developers forte. Folks like Management, Security Engineers and Security Architects worry about the big picture items, like ensuring continuity.
Peter Gutmann has a really good book that discusses topics like these, see Engineering Security, https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf. Another good book is Ross Anderson's Security Engineering, https://www.cl.cam.ac.uk/~rja14/book.html.
Jeff
On 16.04.20 19:54, Jeffrey Walton wrote:
On Thu, Apr 16, 2020 at 12:50 PM Aapo Talvensaari aapo.talvensaari@gmail.com wrote:
On Thu, Apr 16, 2020 at 12:44 AM Jeffrey Walton noloader@gmail.com wrote:
...
I agree with Tim. If project is of any importance, as I think Nettle is, there is no problem in finding a new maintainer in case it is needed.
If Niels dies then here is what happens (sorry Niels)...
Nettle at Lysator becomes stale over time and bugs won't get fixed because no one has access to the sources. Most users will continue to use Lysator because that is what search engines return.
https://www.lysator.liu.se/foreningen/kontakt/
I'll fork and fix OS X. Some users will use my fork.
Tim will fork and add curve448 stuff. Some users will use Tim's fork.
Given that we have some sort of communication skill, we can publicly talk about our plans on this mailing list and agree upon future maintenance. I really don't see any problems as long as *at least* one person is willing to become maintainer. Everything else is details.
Tim
nettle-bugs@lists.lysator.liu.se
-
Aapo Talvensaari -
Jeffrey Walton -
nisse@lysator.liu.se -
Tim Rühsen