Re: sending debian-private postings to gmail

[Ian Jackson <ian@davenant.greenend.org.uk>]

Kevin B. McCarty writes ("Re: sending debian-private postings to gmail"):
> Ian Jackson wrote:
> [snip]
> > distributed to computers whose owners and operators cannot be expected
> > to refrain from processing the content in other ways.
>   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> 
> [...]  If you are sufficiently paranoid, [...]

You might well, but only if you were, as you say, paranoid.

> Taken to extremes, this implies [absurd conclusions]

So don't take it extremes then.  Each developer has to decide,
obviously, who is trustworthy.  But a developer who decides that Gmail
is `trustworthy' isn't taking that question seriously and I'm writing
here to point that out.

With 1000 developers the secrecy of debian-private is always going to
be imperfect and worrying about the kind of threats you describe is
silly.

However, it is _not_ silly to observe that Google are counting up how
many times certain keywords appear and providing reports to their
advertisers.  We don't know exactly what those reports look like but
it might be quite easy to find out what topics are being discussed on
debian-private.

It's clear that Google think they have the legal right (given to them
by the developer-user) to facilitate that and it's also clear that
they have no particular reason to spend effort thinking about how to
make it difficult for their advertiser customers to do that kind of
thing.

Ian.