l3db3tt3r

@rockstar1215@lemmy.world OP,
Suggestions:

1. Provide a couple real use case examples for why people may be asking for these PRs.

• Probably revolve around user familiarity with their current use cases using CalDAV and friends.

2. Build an import/export adapter.

• Link to relevant examples, resources, and/or documentation. It’s a call to action, so give readers a direction.

You make valid points. I don’t know that the word apathy is strong enough in this context, shrug. I mean, why not just say the thing? “This needs to be fleshed out”. At least it provides direction and context, (go push sand somewhere else; the TAB) and would probably be quicker/easier to write then sling this tired narrative, and non-answer to what is actually being asked;

Thus seeking documented guidance on new Linux Security Module submissions for how they should be optimally introduced.

(The TSEM LSM people aren’t trying to push a specific thing, they are asking for clarity of the process and particulars by witch a thing should be submitted; because from what I understand, their project (and others) keep hitting walls on the grounds of ‘formatting’ and ‘structure’; as a stop-gap, and thus an incomplete review, of the ideas and contents of the problem/solution set of the project. (Think: “It’s too difficult for me to read the thing, so I won’t until you fix it” – And not name with specifics to what is considered ‘fixed’, or what the process for re-submission is; It’s a backhand way of claiming “secret knowledge” over the thing and then saying “just fix it”. Fix what specifically ? )

That is to say; when outsiders see these kinds of roadblocks, and the responses/narratives of key figures in these spaces is “apathy” of this degree, it feels something to me akin to security theater.

“Yes, I know that security people always think they know best, and they all disagree with each other, which is why we already have tons of security modules. Ask ten people what model is the right one, and you get fifteen different answers.”

“I’m not in the least interested in becoming some kind of arbiter or voice of sanity in this.”

How do you even get to a consensus model to tease these things out; when your answer is a refusal to engage with “pointless” things?

It just seems contentious to me, that anyone when considering this kind of rhetoric, would make claims in regards to the level of security that Linux (may) provide. It just feels something akin to playing in the realm of security theater.

It isn’t criticism if it isn’t based on fact. The U in FUD stands for Uncertainty; and what do you think “might” falls under, or it’s relation to sowing Doubt?

The law related to job postings, is a labor law, that also covers minimum wage, and uses the same definitions. Labor Code Section 432.3 (Pay Transparency Law) Labor Code Section 1197.5 - California Equal Pay Act (Fair Pay Act) Labor Code Section 2750.3 (Employee vs Independent Contractor Classification)

Let me do the work for you; since you’d rather just spread FUD then look for facts.

1. https://www.linkedin.com/company/grapheneos/people/

• 0 California “employees” listed

2. https://www.dir.ca.gov/dlse/SB3_FAQ.htm (I just want to point out that there is a distinction; and I am not a lawyer) “Any individual performing any kind of compensable work for the employer who is not a bona fide independent contractor would be considered and counted as an employee, including salaried executives, part-time workers, minors, and new hires.”

It also sounds like they are trying to fill a part-time role. “Must be able to commit to spending 80 hours or more a month” = ~20 hours a week, but given the ebb and flow of release/bug/patch work needed…

FUD

1. GrapheneOS is a non-profit out of Canada.
2. It’s an “independent contractor” role. California has specific laws governing the classification of workers as employees versus independent contractors.

I don’t know if there’s really a better way to manage this need. They need a pretty niche specialized developer, so you have to cast a pretty wide net (globally, mind you) for remote work.

1. It’s a pretty small global team.
2. How would they financially/legally manage the burden of tax/benefit/workers rights across all boarders; especially as a non-profit.

Yes, people should know what they are getting into, with independent contractor work. I just think there is (probably) some nuance to this particular case; where hiring people on as an employee doesn’t make a lot of sense.

Find the skills gaps that you have; find the thing that interests you about it; and dig into that fundamental piece, don’t understand what the fundamentals might be, go check out .edu, or certification outlines with the vocabulary/knowledge you do have so you can build from the concepts (and benefit from their already determined progressions) , so you can developed additional vocabulary and knowledge of the discipline.

I think the gatekeeping part isn’t the warning or cautionary advice being given, It’s the failure to point, and give direction to, the relevant thing(s), the skill sets, the place to start in order to understand the complexities.

Like the hart-surgeon analogy given elsewhere in the comments; it’s not just the dire warning of ‘you can kill someone’ - it’s the humanity to say, well if you want to learn how to do this, you’re going to have to start by having an understanding of basic biology, organic chemistry, human anatomy, etc, and to learn about those things go here…

I think you’ve missed the point OP is trying to communicate. It’s not that these things aren’t relevant, highly important, and good caution/warning. It’s the gate that people are creating with these no depth explainers. “you need to understand” “if you don’t know” – then fail to provide direction to people who want to know, to learn these things, to figure out where to start; that’s the gate.

The price of being on the bleeding edge.
But also, trust the process, it’s a feature not a bug.

Also, I’ll add, that I think that beginners learning this immutable, devcontainer, distrobox workflow offers you more space to practice and learn by doing. You’ll will learn a lot by recovering from some misstep (rollback), and/or by blowing it up, to rebuild it again. (and I encourage you to do it often for the practice and confidence)

Check out the ‘dx’ variants within universal blue It would be a good time to become familiar with rebasing.

I run bluefin-dx environment. (gnome).

There is a different learning curve to immutable/atomic systems and workflows. I don’t think it’s harder per say, it’s just you’ll have to be cognizant of the differences when searching for relative and relevant information when you come up against anything (like any opinionated *nix distro). Learn Homebrew, and Flatpack (and thier quarks running with atomic systems).