[DISCUSS][VOTE] CVE creation process

[Ralph Goers <ra...@dslextreme.com>]

I would have recommended doing this vote by lazy consensus - i.e. you only 
need to vote if you object, since we have previously discussed this and no 
one seemed to object.

Ralph

> On Jan 3, 2022, at 4:59 AM, Volkan Yazıcı <vo...@yazi.ci> wrote:
> 
> Hello,
> 
> As discussed earlier[1], this is a vote to introduce the process that
> enforces CVE submissions and their content should be first subject to
> voting using the (private) `security@logging.apache.org` mailing list.
> 
> [] +1, accept the process
> [] -1, object to the process because...
> 
> The vote will remain open for 72 hours (or more if required). All
> votes are welcome and we encourage everyone to participate, but only
> Logging PMC votes are “officially” counted. As always, at least 3 +1
> votes and more positive than negative votes are required.
> 
> Kind regards.
> 
> [1] https://lists.apache.org/thread/qd7mr5pt9kby3lkz4j49304tkqgm9yhl
> 

Re: [DISCUSS][VOTE] CVE creation process

[Matt Sicker <bo...@gmail.com>]

Lazy approval is the technical term for the voting style you’re describing. Lazy consensus is how committers and PMC members are voted on. Snippet:

* Lazy consensus requires 3 binding +1 votes and no binding vetoes.
* A lazy majority vote requires 3 binding +1 votes and more binding +1 votes that -1 votes.
* An action with lazy approval is implicitly allowed unless a -1 vote is received, at which time, depending on the type of action, either lazy majority or lazy consensus approval must be obtained.

Taken from https://logging.apache.org/guidelines.html <https://logging.apache.org/guidelines.html> which would be great to modify to add this type of vote to, but it says modifying the doc requires 2/3 majority of the PMC to approve.
--
Matt Sicker

> On Jan 3, 2022, at 09:49, Ralph Goers <ra...@dslextreme.com> wrote:
> 
> I would have recommended doing this vote by lazy consensus - i.e. you only 
> need to vote if you object, since we have previously discussed this and no 
> one seemed to object.
> 
> Ralph
> 
>> On Jan 3, 2022, at 4:59 AM, Volkan Yazıcı <vo...@yazi.ci> wrote:
>> 
>> Hello,
>> 
>> As discussed earlier[1], this is a vote to introduce the process that
>> enforces CVE submissions and their content should be first subject to
>> voting using the (private) `security@logging.apache.org` mailing list.
>> 
>> [] +1, accept the process
>> [] -1, object to the process because...
>> 
>> The vote will remain open for 72 hours (or more if required). All
>> votes are welcome and we encourage everyone to participate, but only
>> Logging PMC votes are “officially” counted. As always, at least 3 +1
>> votes and more positive than negative votes are required.
>> 
>> Kind regards.
>> 
>> [1] https://lists.apache.org/thread/qd7mr5pt9kby3lkz4j49304tkqgm9yhl
>> 
>