Scott Kitterman <deb...@kitterman.com> writes: > I think that can work both ways. I am old enough to have seen many > instances of some new hotness coming along and any objection to it being > swept aside because it was clear that the people objecting just didn't > understand why the new hotness was so wonderful and why their concerns > didn't matter anymore. My experience has been that when those concerns > have been ignored (they usually are), things often don't end well.
I'm not quite sure how to phrase this (mostly because I want to use much stronger language), but I find the belief that what we have just done over the past week and a half somehow constitutes ignoring concerns to be rather remarkable. A whole lot of other people have been involved in this discussion and deep in the analysis, but for the moment, I'll just speak for myself here. I have, to the absolute best of my ability, taken every concern that people have raised very seriously. I have spelled out exactly where I agree with them and where I disagree with them, I have tried to explain in great detail precisely why I disagree with the concerns that I disagree with, and I posted an entire formal security analysis to that effect. In the places where I was wrong, I have tried to say openly that I was wrong and go back and correct the mistaken things that I said. Having all of that quite significant work, which has substantially eaten into a much-needed vacation and which has literally kept me up nights, dismissed as ignoring concerns is.... Well, I guess I don't have words for that. At least not ones that I want to write on this mailing list. You are entitled to believe that my analysis is wrong. You are not entitled to claim that I didn't do the work that I did, quite publicly and openly, right here on this mailing list for everyone to see. -- Russ Allbery (r...@debian.org) <https://www.eyrie.org/~eagle/>