[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the DPL: DSA and buildds and DAM, oh my!

On Fri, Feb 23, 2007 at 12:16:52PM -0300, Gustavo Franco wrote:

> That's up to the person behind the *my* you wrote, disclose $ADDRESS
> and $NUMBER. The same can't be said about our email address, so what's
> the point really? I don't think the DSA members will want to disclose
> this kind of information and if somebody does, they won't be forced to
> do so. Let me rewrite what would happen IRL, IMHO:

> "Please send the machine to my home address - I'll drive out to the DC
> and put the machine on-line ASAP. Give the sipping company my phone
> number. I'll send you *my personal details* privately."

You are assuming that the person sending the e-mail is aware that the
information they are sending is going to end up publically visible.
With a lot of tracking systems this may not be the case.  In the
particular case of RT the work flow appears to involve generating
e-mails to which anyone can reply, with replies causing information to
be added to the ticket.  This means that it's easy for someone to put
information in there without ever realising that there's a public

> I still disagree with a private tracking system for DSA. Almost all
> the information isn't sensible and can be there, the details can be
> passed privately and it's up to the message submitter and nobody else.
> It isn't like a person out of DSA can disclose sensible information
> that will put DSA stuff at risk.

I do agree that we should make an effort to make information available
but we need to be aware of the problems that could arise and take steps
to mitigate them.

The case with keyring-maint is even worse for this since people might
decide to do things like send scans of ID documents.

"You grabbed my hand and we fell into it, like a daydream - or a fever."

Attachment: signature.asc
Description: Digital signature

Reply to: