Really appreciate your kind words and the effort required in getting your arms around so much material so quickly.
it would be really useful if there were a TLDR version
I agree; I'm hoping that the tech press takes up this topic, but an "official" one would make engagement much faster.
I think the labeling should be simple - like a small discrete set of classes for compliance that can be extended over time with further rules. So 20 years security updates is “platinum” 10 years is “gold” 5 is “silver” or something. Then the classes of label can accrete meaning over time as you enhance your proposals.
This is how I'm thinking about it too -- not just for support term, but for all kinds of things, FOSS firmware in escrow, bankruptcy transition plan, responsibility to publish and implement fixes from public databases -- there's so much that might go into each tier, and while I have my own ideas, it would be great to see the tech community take up these questions.
in some ways a way to work best is right here in the HN comments and then lifting material up into your direct work via the proposal and statement
Also true, and my team will be doing a detailed after-action on this thread once it winds down.
To that end maybe reaching out earlier in the process to get feedback would work
That's one to grow on for next time. The good news is that the final rule (I'd expect end of Q2 2024) will also be subject to notice-and-comment.
Seriously, a huge thank you for your close engagement. I'm really excited about what the tech world can bring to this high-level proposal.
it would be really useful if there were a TLDR version
I agree; I'm hoping that the tech press takes up this topic, but an "official" one would make engagement much faster.
I think the labeling should be simple - like a small discrete set of classes for compliance that can be extended over time with further rules. So 20 years security updates is “platinum” 10 years is “gold” 5 is “silver” or something. Then the classes of label can accrete meaning over time as you enhance your proposals.
This is how I'm thinking about it too -- not just for support term, but for all kinds of things, FOSS firmware in escrow, bankruptcy transition plan, responsibility to publish and implement fixes from public databases -- there's so much that might go into each tier, and while I have my own ideas, it would be great to see the tech community take up these questions.
in some ways a way to work best is right here in the HN comments and then lifting material up into your direct work via the proposal and statement
Also true, and my team will be doing a detailed after-action on this thread once it winds down.
To that end maybe reaching out earlier in the process to get feedback would work
That's one to grow on for next time. The good news is that the final rule (I'd expect end of Q2 2024) will also be subject to notice-and-comment.
Seriously, a huge thank you for your close engagement. I'm really excited about what the tech world can bring to this high-level proposal.