[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Trying to reach consensus - Yet Another Alternate Proposal to Declassification of debian-private


I'll try to move forward in the direction of a more consensual proposal
about the declassification. 

In this discussion, two points were made clear to me:

1) It would be really nice to have the d-p archives available to those
who want to understand better how debian works, and from this
perspective, the selection of which content will be made available is
not a desirable thing.

2) On the other hand, some sensitive material should not be indexed by
google, nor be available without any criteria. This is certainly the
point that is raising most of the disagreement.

So, my conclusion is that it would be nice to have two types of

1) Selected Readers
2) Selected Content

The first type of publication could embrace the entire content of
debian-private, but restrictions will be applied for those who want to
read, basically, the need of identification of the reader and the
agreement to a NDA on the same terms applied to every debian developer
about the privacy of the mailing list.

The second type would be open to the public in general, and then could
be strictly opt-in, since this would be indexable by google, and it's
desirable that the authors have a choice on that.

This way, I'd like to formalize a new Proposal.


In accordance with principles of openness and transparency, Debian
will seek to declassify and publish posts of historical or ongoing
significance made to the Debian Private Mailing List.

This publication will be made in two different ways, both managed by a
declassification team assigned by the Debian Project Leader:

1) 3 or more years old posts will be made available on a public site,
but the access to this content will be regulated by the following
  * The declassification team will ellaborate a NDA in the same terms
    of the policy applied to every Debian Developer concerning the 
    privacy of the mailing list.
  * The prospective reader will have to identify himself to the  
    declassification team, and will need to have a GPG key signed 
    by a Debian Developer.
  * The prospective reader will have to send a GPG signed email in
    which he will agree to the NDA.
  * The declassification team will send username, password and the url 
    in a GPG sined and cyphered email to the prospective reader.
  * The access logs of this content will be kept.
2) 3 or more years old posts will be made available on a public site
with public anonymous access according to the following constraints:
  * The declassification team will request approval for publication of
    the posts to its authors, which can request:
    a) to keep the entire post private,
    b) to remove his identification from the post,
    c) to remove certain parts of the post,
    d) to publish the post as it is.
  * If an author requests that some post or some parts of it needs to 
    be kept private, the references to it will be removed from other 
  * If the author doesn't reply to the request for publication, the 
    entire post will be kept private.
  * If the post already contains a "you're allowed to quote me outside
    debian-private"-like statement, the declassification team will not 
    need to contact the author, and the post will be published.


I hope this is closer to a consensus...


Attachment: signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente

Reply to: