Hi, I'll try to move forward in the direction of a more consensual proposal about the declassification. In this discussion, two points were made clear to me: 1) It would be really nice to have the d-p archives available to those who want to understand better how debian works, and from this perspective, the selection of which content will be made available is not a desirable thing. 2) On the other hand, some sensitive material should not be indexed by google, nor be available without any criteria. This is certainly the point that is raising most of the disagreement. So, my conclusion is that it would be nice to have two types of publications: 1) Selected Readers 2) Selected Content The first type of publication could embrace the entire content of debian-private, but restrictions will be applied for those who want to read, basically, the need of identification of the reader and the agreement to a NDA on the same terms applied to every debian developer about the privacy of the mailing list. The second type would be open to the public in general, and then could be strictly opt-in, since this would be indexable by google, and it's desirable that the authors have a choice on that. This way, I'd like to formalize a new Proposal. ------ In accordance with principles of openness and transparency, Debian will seek to declassify and publish posts of historical or ongoing significance made to the Debian Private Mailing List. This publication will be made in two different ways, both managed by a declassification team assigned by the Debian Project Leader: 1) 3 or more years old posts will be made available on a public site, but the access to this content will be regulated by the following constraints: * The declassification team will ellaborate a NDA in the same terms of the policy applied to every Debian Developer concerning the privacy of the mailing list. * The prospective reader will have to identify himself to the declassification team, and will need to have a GPG key signed by a Debian Developer. * The prospective reader will have to send a GPG signed email in which he will agree to the NDA. * The declassification team will send username, password and the url in a GPG sined and cyphered email to the prospective reader. * The access logs of this content will be kept. 2) 3 or more years old posts will be made available on a public site with public anonymous access according to the following constraints: * The declassification team will request approval for publication of the posts to its authors, which can request: a) to keep the entire post private, b) to remove his identification from the post, c) to remove certain parts of the post, d) to publish the post as it is. * If an author requests that some post or some parts of it needs to be kept private, the references to it will be removed from other posts. * If the author doesn't reply to the request for publication, the entire post will be kept private. * If the post already contains a "you're allowed to quote me outside debian-private"-like statement, the declassification team will not need to contact the author, and the post will be published. ------- I hope this is closer to a consensus... daniel
Attachment:
signature.asc
Description: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente