Re: RFC Editor Function SOW Review



Todd Glassey wrote:

Hmmmm... The SOW MUST define all the elements of the Editor's responsibility and all the specific tasks they perform as well as the SLA's for those Tasks. It also MUST address the SOD (Separation of Duties) within the Editor's work since they are altering the IP submitted.

Without that there is no comprehensive model for evaluating how well the IETF met its standards and whether it caused damage to others in the process.

Todd Glassey as an Auditor.



Methinks you've drunk too deeply of the SOX Kool-Aid, Todd. Along what lines would you
suggest that the RFC Editor "separate its duties"?


Perhaps you would also recommend that the guy who replaces the air freshener blocks
in the men's bathroom not also be the same guy who fixes the plumbing? Or maybe the
guy who diagnoses your automotive problems be different from the guy who actually
fixes it? Perhaps in the RFC-Editor function, the person who fixes missing commas
and semi-colons, should be different from the person who addresses clarity and
normative reference issues? Yup, that's an efficient use of everyone's time and money.


SOD was designed to prevent certain types of financial fraud in *financial software development and
deployment processes*, and other similar processes where separation of duty is essential
to maintain certain properties of the overall process. SOX-mania has become a toxin that has
clouded most people's thinking in this area, and I'm loath to accept that IETF processes
must be held hostage to an ill-conceived set of guidelines promulgated by the
utterly-irrelevant-to-the-IETF Public Companies Accounting Oversight Board. The IETF isn't
a publicly traded company, last time I checked, and even if it were, the SOD
provisions of SOX (and Audit Standard 2, which clearly you've consumed wholesale) clearly
wouldn't apply.


I suggest, Todd, that you switch to another beverage, because the SOX Kool-Aid is
clearly doing neither you nor anybody else any good.


--

Marcus Leech                            Mail:   Dept 1A12, M/S: 04352P16
Security Standards Advisor        Phone: (ESN) 393-9145  +1 613 763 9145
Strategic Standards
Nortel Networks                          mleech at nortel.com



_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf




Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.