Re: GR: Declassifying debian-private: second call for votes

To: debian-project@lists.debian.org
Subject: Re: GR: Declassifying debian-private: second call for votes
From: Bas Wijnen <wijnen@debian.org>
Date: Thu, 20 Oct 2016 09:09:50 +0000
Message-id: <[🔎] 20161020090950.GC14540@spark.dtdns.net>
Mail-followup-to: debian-project@lists.debian.org
In-reply-to: <[🔎] 22532.53023.519338.471903@chiark.greenend.org.uk>
References: <20161015231001.ydfiviujpjyyqnh3@roeckx.be> <[🔎] 20161017041045.GF24888@falafel.plessy.net> <[🔎] 22532.53023.519338.471903@chiark.greenend.org.uk>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks Ian, for summarizing the options.  I have a slight disagreement with
your interpretation though.

On Mon, Oct 17, 2016 at 02:16:15PM +0100, Ian Jackson wrote:
> I support both Option 2 ("Acknowledge difficulty", my proposal) and
> Option 3 ("Remain private", Iain's proposal).  I firmly oppose
> Option 1 ("Repeal previous GR", Gunnar's).
> 
> I think Option 1 is quite bad.  I will rank option 1 below the FD (ie
> the status quo).  I recommend everyone else do so.

I don't.  While I agree with your criticism that option 1 isn't good, I believe
it is still better to repeal the 2005 GR than to keep it around.  Just
repealing the GR doesn't change anything in practice (and that would be
unfortunate), but it does clean up some junk, so IMO it's still better than FD.

Personally, I want -private to be a private channel.  That means I voted for
option 3.  Under this proposal, posts can still be made public if all
participants to the thread agree to it.  As I see it, something like tagging
each message with an embargo date is explicit agreement, so such a method would
still be possible when this option wins.

As for a rebuttal of option 2: people who post to -private expect their posts
to be private.  I want that to be true.  Option 2 allows the listmasters to
come up with a plan to declassify some posts without the authors explicitly
consenting to it.  I believe that to be dangerous for two reasons:

1. It makes the list less safe to post on.  I want us to have a channel where
   we don't need to worry about things being made public.  Adding rules like
   "if you didn't say the magic words, you're in danger" means we need to be
   more careful when posting, and that is bad, IMO.

2. I don't think the listmasters should take the burden.  Now that I think of
   it, it really seems like it keeps the 2005 GR, but instead of saying "anyone
   can do it", it says "the listmasters can do it".  They could have done it
   before and didn't, I have no reason to expect them to do it now.  If I were
   them, I would also not want this extra job, but I haven't heard them
   speaking out, so perhaps they do.

> When this GR is out of the way, I think some of those contributors who
> care a lot about improving our transparency will want to revisit this
> issue.

I think they will no matter what the outcome is.  They were asked to provide an
option for this ballot, but unfortunately no such option was proposed.

> I think all of these are quite reasonable points of view; and without
> a clear statement from the GR about where the majority of the
> projects' opinion lies, who is to say that these contributors are
> wrong ?

This GR would still give some information about that.  If option 1 wins, but FD
is not next (and especially if option 3 is above option 2), I believe it means
"we don't want to make formal statements about it, but this is how we feel".

> The main difference [between options 2 and 3] is that Option 3 would make it
> impossible to invent, or experiment with, new ways of handling -private in
> the future.

No, I disagree.  Ways that include explicit consent of all authors can be
implemented under those rules.  For publishing posts where explicit consent
cannot be obtained, a new GR would be required.  I believe that is reasonable.
Consent is normally easy to obtain.  If it's not (for example because the
person has died) and the thread is of great value, a GR does not sound like an
unreasonable requirement to me.

> That would be a shame.  There are some threads on -private which I think the
> participants would be quite happy to see declassified at an appropriate time
> (for example ones discussing security vulnerabilities).

If the participants all want to declassify a thread, they can under every
option on the ballot.

> Several people have suggested forms of subject-line tagging, for example,
> which might make that possible, while still allowing people to post messages
> which will never be disclosed.

Option 3 allows for this, as long as the tag is an opt-in for disclosure; it
does not allow implicit consent by not using a tag.

> If you feel that benefits of possible improvements to the transparency of
> -private are negligible, or that they are outweighed by the risk of madness
> on the part of listmaster, or even by the necessary discussions (arguments)
> about the shape of such a scheme, then you should rank 3 ahead of 2.

Just to add here: I have full confidence in the listmasters and believe they
would not abuse their powers that option 2 gives them.  But that doesn't mean I
think they need those powers.

I haven't heard anyone say they don't trust listmasters, so I'm not sure if
that is even true for one voter.  This doesn't seem to be something that needs
to be considered.

> I think people who are very keen on transparency should vote
> along with me,
>   2 > 3 > FD > 1

I think they should have proposed an amendment. ;)

But now that they didn't, I think they should put 3 last, and probably put 1
and FD above 2.

> I think it is quite conceivable that some such proposals might gain
> widespread support, at least so long as they retained the option for a
> poster to -private to avoid future declassification.

Given our experience during the last decade, I think it is unlikely that anyone
is going to start doing any declassification.  I prefer to make that clear to
everyone (and I prefer -private to be private), which is why I vote option 3
first.

Thanks,
Bas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJYCIndAAoJEJzRfVgHwHE6qK0QAIrrLeGJhYhjYzzyglU17szq
IpFjreAad8tlchXjWgLJKbboGbYdzy/mimGB/Df8NjABg/WDjJfUG3a3MWx27Vqe
zk//5uMN+76gT9Ldaxm9Cvxnxai5G31gSH/FUr1SJvEuG8iShx84r4fwCn65fIMV
g7p0b4x+5/QFbWWgVwDxXRHZGv9XdVdgDRRblbZrtrYp/R/EfcvIR5OEwl2r9b0r
D4A6YQIAqOnBmiFmlNE9pOcIS03aHtqAkREsam61iGDBhVXvExeyIcnigr//Eoil
LzqH5IMdshBKuyg6N2qsvD/VZOdmgDFvxCleHPfqDfgsIK6/NgE/tcVQClS3tf8H
SeQPMK+gmpyiPWOuzSpUu1nQitIepgleXZAz/CIpGYvqyeYvwAd+FpRl16nuFZSa
be2C3ae9ki+d8syODWwS8QvX6U3R+9MaOmsxzyKEehBMY9kB8DzBXnV8WSbxJNhj
NiNVm8aWjUrbS2tQQzt08oxszEoDsHXAQsIAzx4mlCm9y1kw297v+5BEQU6/Xv0B
bSIeBzNhLKnCZyAP8fm356LjqxSnWehlgEBNmjzybUb2iAUEpPNi1Yf5Vsj0CLTM
fPC/ALoh8AyiKWXaiIwglVeEgKK3Iyk+sU/PC2+OqusbIY45tnG4glD+WfeMggRe
3NrzU2gpZAPrueRqgb/S
=1cMT
-----END PGP SIGNATURE-----

Reply to:

References:
- Re: GR: Declassifying debian-private: second call for votes
  - From: Charles Plessy <plessy@debian.org>
- Re: GR: Declassifying debian-private: second call for votes
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>

Prev by Date: Re: GR: Declassifying debian-private: second call for votes
Next by Date: Epson Installation of Gutenprint
Previous by thread: Re: GR: Declassifying debian-private: second call for votes
Next by thread: Shudown And Restart Issue
Index(es):
- Date
- Thread