These are worthy goals, for sure. I'm not necessarily persuaded that posting jobs here is the best way to do that.
With the exception of a few people, we usually only hear from CA's when their stuff is up for consideration or when they've done something wrong. Perhaps if CA's were more engaged here generally, I'd feel better about posting jobs? If CA's were more active in sharing their good works and seeking input or feedback from the broader community, perhaps we'd see better, more robust security as well? Just a thought. Also, what will we do if just anyone starts posting jobs? Original Message From: Ryan Sleevi Sent: Saturday, May 28, 2016 11:29 PM To: Peter Kurrasch Reply To: r...@sleevi.com Cc: Kathleen Wilson; mozilla-dev-security-pol...@lists.mozilla.org Subject: Re: Job: Is it OK to post a job listing in this forum? Reposing from the right email address... On Fri, May 27, 2016 at 5:36 AM, Peter Kurrasch <fhw...@gmail.com> wrote: > I'm opposed to allowing job postings in this forum. The focus should be > policy as that is the reason we have gathered here. > > Job postings generally are intended for people in a particular country with > a particular level of experience who are actively seeking or receptive to a > new job. Sending out off-topic messages that are intended for a subset of a > subset of a subset of people here sounds like spam to me. Policy and engineering are often intertwined - especially in the CA space. Our ability to enact meaningful policies that protect users is often directly correlated to CAs (and site operators) abilities to enact changes. Things like CAA, name constraints, and short-lived certificates are all prime examples of this - they relate to policies but require engineering. I would think that if we want to improve the state of the ecosystem, we also need to improve the state of the engineering. And it's clear that this forum, of perhaps all those out there, has the right confluence of people passionate about policy and interested in the engineering side. While I don't know to what extent the broader (lurking) community is able and receptive to such postings, the active participants are at least interested in developing a robust approach to user security - that is why we're here and care about the policies. If they could get paid for that (as many presently are volunteers), isn't that a win? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
