Re: Proposed GR: Repeal the 2005 vote for declassification of the debian-private mailing list
-----BEGIN PGP SIGNED MESSAGE-----
TL,DR: Nice proposal, seconded.
Am 08.09.2016 um 18:07 schrieb Ian Jackson:
> Lars Wirzenius writes ("Re: Proposed GR: Repeal the 2005 vote for
> declassification of the debian-private mailing list"):
>> If we're going to have another discussion and vote about this, I
>> think it might be good to vote with a full spectrum of choices on
>> the ballot.
> I don't object to this, but (despite what seems to be some quite
> deep divisions in people's attitudes) I think there is a
> possibility that we can find a settlement that will be broadly
> As I read the messages the principles which are partly in conflict
> (or which seem to be in conflict) are:
> * We do not want to introduce any new barriers to
> * We do not want to promise something we are not delivering.
> * People who have previously posted messages to -private under the
> previous policy (the regime established by the previous GR) should
> not have the promise of privacy retrospectively breached.
> * -private ought to be used as little as possible.
> * If someone proposes a better way to handle -private, we do not
> want them to have to go to a further GR.
> (Note, I am stating these views as I understand them from the
> messages of people who've written on the subject. I do not
> necessarily agree with them.)
First of all thanks to Ian for summarizing the late discussions around
the failed GR so well.
> It seems to me that a just approach, which may find broad favour,
> would be to explicitly recognise that we have had different
> policies (and policies with different levels of explicitness) at
> different times, and that the poster of such messages is entitled
> to expect that the policy in force at the time they posted the
> message will apply.
> That does not mean that the policy cannot be changed, or that
> changing the policy needs a GR. It just means that the policy
> ought not to be changed _retrospectively_, at least without very
> great care and consideration. For example, the level of care and
> consideration that are evident in the 2005 GR.
Exactly, I couldn't express my view better.
> So, how about something like this:
> Title: Acknowledge difficulty of declassifying debian-private
> 1. The Debian Project regrets the non-implementation of the 2005
> General Resolution titled "Declassification of debian-private list
> archives". That General Resolution is hereby repealed.
> 2. In case volunteers should come forward: Permission remains for
> the list archives (of any messages, whether posted before or after
> this resolution) to be declassified, provided that the
> declassification process is at least as respecting of the privacy
> of posters to debian-private as the process set out in the 2005
> General Resolution.
> 3. Furthermore, the Debian listmasters remain empowered (subject
> to the usual consultation processes within the Debian project) to
> revise the rules governing the privacy and declassification of
> messages to -private. This includes making measures to make
> declassification more widely applicable, or easier to automate.
> 4. But, any weakening of the privacy expectations must not be
> retrospective: changes should apply only to messages posted after
> the rule change has come into force.
> 5. In particular, we reaffirm this rule: no part of a posting made
> to -private, which explicitly states that it should not be
> declassified, may be published (without its author's explicit
> consent). This rule may be changed by the listmasters (para.3,
> above), but only for future messages (para.4, above), and only
> following consultation, and only with ample notice.
> 5. Participants are reminded to use -private only when necessary.
Thank you for the new proposal which now addresses my major concerns.
Retrospective policy changes are now explicitly forbidden (#4). And I
totally agree that we should not forbid any future efforts to
declassify debian-private just because we failed to do so for more
than 11 years now (#2).
If this is a proposed GR, I do second it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----