Hi,
I'll try to move forward in the direction of a more consensual proposal
about the declassification.
In this discussion, two points were made clear to me:
1) It would be really nice to have the d-p archives available to those
who want to understand better how debian works, and from this
perspective, the selection of which content will be made available is
not a desirable thing.
2) On the other hand, some sensitive material should not be indexed by
google, nor be available without any criteria. This is certainly the
point that is raising most of the disagreement.
So, my conclusion is that it would be nice to have two types of
publications:
1) Selected Readers
2) Selected Content
The first type of publication could embrace the entire content of
debian-private, but restrictions will be applied for those who want to
read, basically, the need of identification of the reader and the
agreement to a NDA on the same terms applied to every debian developer
about the privacy of the mailing list.
The second type would be open to the public in general, and then could
be strictly opt-in, since this would be indexable by google, and it's
desirable that the authors have a choice on that.
This way, I'd like to formalize a new Proposal.
------
In accordance with principles of openness and transparency, Debian
will seek to declassify and publish posts of historical or ongoing
significance made to the Debian Private Mailing List.
This publication will be made in two different ways, both managed by a
declassification team assigned by the Debian Project Leader:
1) 3 or more years old posts will be made available on a public site,
but the access to this content will be regulated by the following
constraints:
* The declassification team will ellaborate a NDA in the same terms
of the policy applied to every Debian Developer concerning the
privacy of the mailing list.
* The prospective reader will have to identify himself to the
declassification team, and will need to have a GPG key signed
by a Debian Developer.
* The prospective reader will have to send a GPG signed email in
which he will agree to the NDA.
* The declassification team will send username, password and the url
in a GPG sined and cyphered email to the prospective reader.
* The access logs of this content will be kept.
2) 3 or more years old posts will be made available on a public site
with public anonymous access according to the following constraints:
* The declassification team will request approval for publication of
the posts to its authors, which can request:
a) to keep the entire post private,
b) to remove his identification from the post,
c) to remove certain parts of the post,
d) to publish the post as it is.
* If an author requests that some post or some parts of it needs to
be kept private, the references to it will be removed from other
posts.
* If the author doesn't reply to the request for publication, the
entire post will be kept private.
* If the post already contains a "you're allowed to quote me outside
debian-private"-like statement, the declassification team will not
need to contact the author, and the post will be published.
-------
I hope this is closer to a consensus...
daniel
Attachment:
signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente