Re: GR Proposal 2: Declassification of -private
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Anthony Towns <aj@azure.humbug.org.au> writes:
> Okay, incorporating Manoj's proposed changes, and some other ideas:
>
> On Tue, Nov 15, 2005 at 12:08:15PM +1000, Anthony Towns wrote:
>> One of the issues Debian often stands for is transparency and openness
>> -- indeed, the openness of our bug tracking system is codified in the
>> Social Contract's statement "We will not hide problems". However, one
>> particular area of significance within the project is not open at all:
>> the debian-private mailing list.
>>
>> This list has hosted a number of significant discussions over the years,
>> including most of the discussion inspiring the original statement
>> of Debian's Social Contract and the Debian Free Software Guidelines,
>> the reinvention of the new-maintainer process, debate on the qmail to
>> exim/postfix transition for Debian mail servers and more. This trend
>> continues today, with the six months just past having averaged around 190
>> posts per month.
>>
>> Especially given Debian is the focus of academic work (such as Biella
>> Coleman's paper), and has inspired other groups to emulate our commitment
>> to free software and our community (GenToo, Wikipedia, the Open Directory
>> Project and OpenSolaris), we should make our discussions on issues like
>> these and the reasoning behind the solutions we adopt accessible to the
>> rest of humanity.
>>
>> I think the easiest way to do that is to adopt an approach similar to that
>> of governments that deal with classified documents; that is by setting a
>> specific time after which -private posts will be required to be considered
>> for declassification (ie, publication) and redacting only those posts (or
>> portions of posts) for which there's still a good reason to keep private.
>
> Thus, I propose that the Debian project resolve that:
>
> ---
> In accordance with principles of openness and transparency, Debian will
> seek to declassify and publish posts of historical or ongoing significance
> made to the Debian Private Mailing List.
>
> This process will be undertaken under the following constraints:
>
> * The Debian Project Leader will delegate one or more volunteers
> to form the "debian-private declassification team".
>
> * The team will automatically declassify and publish posts made to
> that list that are three or more years old, with the following
> exceptions:
>
> - the author and other individuals quoted in messages being reviewed
> will be contacted, and allowed between four and eight weeks
> to comment;
>
> - posts that reveal financial information about individuals or
> organisations other than Debian, will have that information
> removed;
>
> - requests by the author of a post for that post not to be published
> will be honoured;
>
> - posts of no historical or other relevance, such as vacation
> announcements, or posts that have no content after personal
> information is removed, will not be published, unless the author
> requests they be published;
>
> - comments by others who would be affected by the publication of
> the post will also be taken into account by the declassification
> team;
>
> - the list of posts to be declassified will be made available to
> developers two weeks before publication, so that the decisions
> of the team may be overruled by the developer body by General
> Resolution, if necessary -- in the event such a resolution is
> introduced (ie, proposed and sponsored), the declassification
> and publication of messages specified by the resolution will be
> deferred until the resolution has been voted on.
> ---
>
>> According to the interweb, classified US government documents relating
>> to national security have to be released after at most ten years (unless
>> there're particular reasons to extend that); the oldest mail in the
>> -private archives turns ten on January 21st next year. I don't want to
>> see Debian be more secretive than the US military industrial complex :)
>>
>> And beyond that, there really are a lot of good ideas stuck in the
>> -private archives that it'd be nice to be able to refer to properly.
>
> The changes since the original:
>
> - authors have a veto over publication (Manoj's changes)
> - people quoted in messages rather than other recipients should be
> contacted
> - security problems don't get special treatment; they can be vetoed
> by the post's author though
> - specific details for overriding the team's decisions by the
> developers
>
> Seconds so far:
>
> Don Armstrong (original or Manoj's changes)
> Joey Hess (original only, no comment on Manoj's changes)
> Wouter Verhelst (Manoj's changes, no comment on original)
> Bas Zoetekouw (Manoj's changes, no comment on original)
> Daniel Ruoso (original preferred over Manoj's changes)
>
> Five's enough to second a proposal, but only if they all second the same
> one :)
>
>> Comments, suggestions and seconds appreciated.
>
> Cheers,
> aj
>
I second this proposal.
- --
* Sufficiently advanced magic is indistinguishable from technology (T.P) *
* PGP public key available @ http://www.iki.fi/killer *
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8 <http://mailcrypt.sourceforge.net/>
iD8DBQFDfa1ZkuYKi19tgBURAl8sAKCyUli2LodThiBWmpRqFNFCwN6QJwCfc/OX
bEMJs/lTIhlwywyExIUEAww=
=fUhB
-----END PGP SIGNATURE-----