(In reply to Jeremy Rowley from comment #22) > Why? I think they are an important part of accountability. I decided to step down because of the incident. That's part of the incident report and something that should be disclosed. Knowing what changes are happening is part of transparency and ensuring accountability within the organization. I wrote my thoughts about your decision to resign privately, and won’t restate them all here (roughly: oh god, what a blow to the web), but I want to respond to this point. “Accountability” is not about punishment or scorekeeping or setting an example _pour encourager les autres_. It is about having appropriate attention paid to the things that caused a problem to occur, by making that reflection and transparency the responsibility of the person who was placed to observe those things and best understand how they happened. That reflection and transparency is **only** valuable to the extent that it changes the future handling of related situations. I know that in your place I would be watching the director’s commentary of _Looper_ over and over to see if I could pull off time travel even _just once_, but alas that’s not one of the choices available. What matters now is what happens to the web, to DigiCert’s operations, and to Jeremy Rowley as a person and community member. When DigiCert has another incident (and while I have tremendous faith in Tim, it will happen), I would rather that they have Jeremy Rowley with his wisdom and scar tissue around to guide their response and subsequent improvement. When another CA has a crisis related to domain validation, I want their panicked CISO to be able to reach out to Jeremy Rowley for help, and to see that these crises can be used as powerful tools for change. And, more personally, when DigiCert has rolled out its changes and demonstrated that is exactly the company that we need in such a critical role on the web, I want Jeremy Rowley to get the highest of fives at the after party. DigiCert and its customers and the web already have to pay the cost of this incident, and it would be so much better if we could also obenefit maximally from what you’ve learned (so so painfully) along the way. Of course, I have no right whatsoever to tell you that you can’t resign, Jeremy, or that you “shouldn’t” feel as you do. While I very much share Aaron’s love of blameless postmortem, I know that I can be caustic in these forums when I’m frustrated or disappointed; I hope that hasn’t contributed to you feeling that you should be punished or exiled. If this is your exit, please know that you will be missed.
Bug 1910322 Comment 26 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Jeremy Rowley from comment #22) > Why? I think they are an important part of accountability. I decided to step down because of the incident. That's part of the incident report and something that should be disclosed. Knowing what changes are happening is part of transparency and ensuring accountability within the organization. I wrote my thoughts about your decision to resign privately, and won’t restate them all here (roughly: oh god, what a blow to the web), but I want to respond to this point. “Accountability” is not about punishment or scorekeeping or setting an example _pour encourager les autres_. It is about having appropriate attention paid to the things that caused a problem to occur, by making that reflection and transparency the responsibility of the person who was placed to observe those things and best understand how they happened. That reflection and transparency is **only** valuable to the extent that it changes the future handling of related situations. I know that in your place I would be watching the director’s commentary of _Looper_ over and over to see if I could pull off time travel even _just once_, but alas that’s not one of the choices available. What matters now is what happens to the web, to DigiCert’s operations, and to Jeremy Rowley as a person and community member. When DigiCert has another incident (and while I have tremendous faith in Tim, it will happen), I would rather that they have Jeremy Rowley with his wisdom and scar tissue around to guide their response and subsequent improvement. When another CA has a crisis related to domain validation, I want their panicked CISO to be able to reach out to Jeremy Rowley for help, and to see that these crises can be used as powerful tools for change. And, more personally, when DigiCert has rolled out its changes and demonstrated that is exactly the company that we need in such a critical role on the web, I want Jeremy Rowley to get the highest of fives at the after party. DigiCert and its customers and the web already have to pay the cost of this incident, and it would be so much better if we could also benefit maximally from what you’ve learned (so so painfully) along the way. Of course, I have no right whatsoever to tell you that you can’t resign, Jeremy, or that you “shouldn’t” feel as you do. While I very much share Aaron’s love of blameless postmortem, I know that I can be caustic in these forums when I’m frustrated or disappointed; I hope that hasn’t contributed to you feeling that you should be punished or exiled. If this is your exit, please know that you will be missed.