No, this post is not about certificates :-))
We want to make Mozilla as open a project as possible, which means that ideally there would be no parts of what we do which were closed to input from particular sections of the community. Question: how does Mozilla acquire sufficient trust in a potential community member that we could let them work in sensitive areas? Sensitive areas might include ones where they were working with confidential data belonging to users or employees, or working with partners under NDA, either temporary or permanent. We would not want someone untrustworthy in such a position.
Here is a (probably incomplete) list of ways to establish trust between a truster and a trust-ee:
- A) Recommendation from 3rd party already trusted by truster
- B) Trust-ee putting something at risk (deposit)
- C) Legal contract with penalties
- D) Demonstration of bona fides (e.g. by being faithful in small things)
- E) Gut instinct
- F) Trust-ee revealing verified identity information
- G) Default to trust; remove trust if trust broken
When Mozilla employs someone, we have sufficient trust in them because of B) (their job is the thing at risk if they violate trust), C), F) and perhaps a little of A). How do we go about establishing similar trust with someone we don’t employ?
Here are some comments on each:
- A) doesn’t scale well to a globally-distributed organization, where we regularly get new people who know no Mozillians in real life.
- B) This is a difficult thing to ask of new community members. What options are there? Money? Something else?
- C) IT went for this one, but it might be too heavyweight for some. (Of course, it might be required by law in some cases.)
- D) This is how things work normally; we are looking for a way to speed this process up.
- E) This works right up until it doesn’t…
- F) We could investigate this; obtaining such identity proof might involve a time and/or money cost for the contributor.
- G) Possible in some circumstances, but not the difficult ones. Perhaps involves an overly-rosy view of human nature.
Thoughts and further comments?