Group Proposal, for discussion: Vulnerability Group

Volker Simonis volker.simonis at
Tue Oct 17 14:05:18 UTC 2017

Hi Mark,

while our legal team reviewed the Vulnerability Group proposal, they
complained that the term "rough consensus" is never defined, neither
in the Vulnerability Group proposal nor in the OpenJDK Bylaws.

Would it be possible to rephrase "rough consensus" as "lazy consensus"
which is defined in the Bylaws? I understand that in the Bylaws, "lazy
consensus" is defined with respect to voting and we don't want to have
a vote for every decision but on the other hand, the definition of
"lazy consensus" as "not having any veto" seems appropriate to me in
the context where "rough consensus" is currently being used in the
Vulnerability Group proposal.

If that's is not possible, the Vulnerability Group proposal should
define in more detail what it means by "rough consensus".

Thank you and best regards,

On Mon, Oct 16, 2017 at 4:10 PM,  <mark.reinhold at> wrote:
> 2017/10/13 11:03:20 -0700, ysr1729 at
>> What's the process & timeframe for obtaining membership to the group
>> (presumably after the revised version of the document is out?).
> - Mark

More information about the discuss mailing list