[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposed GR: Repeal the 2005 vote for declassification of the debian-private mailing list

* Anthony Towns <aj@erisian.com.au>, 2016-09-11, 11:01:
- after 2017/01/01 00:00:00 UTC, every post to -private will be published publically 3.14159 years after receipt
   * no exceptions.
* posting to -private on any topic is okay if there's some reason for it to be private rather than immediately public. * if you can't deal with what you post being public relatively soon, don't post it to a list of hundreds of people most of whom you don't actually know.

Yes, please! (I'd prefer 2.71828 years, but it's not a big deal.)

* (possibly:) require mails to -private be signed by a DD/DC key, and bounce any mails with anyone else in the To: or Cc: headers to reduce non-DDs getting cc'ed on the entire thread without being able to participate

For some people that would be mild deterrent to posting nonsense on -private; but others sign ALL THE THINGS anyway.

On the other hand there's sometimes genuine need to post on-topic unsigned message to -private, e.g. when you're on a forced VAC because your computer (where you kept the key) just exploded.

- make and publish a cryptographic commitment for all prior months of -private archives (ie, from 1996/01 onward) [2]

- write some code to build a database of the historical messages to -private, that validates against the merkle root to ensure completeness, and for each message track: a) whether the DPL/DPL's delegates think the message is spam or uninteresting
     b) which previous emails the message quotes
c) whether the sender seems to be a current DD/DC with a key in the keyring, and if they've supplied a gpg signed publish/keep-secret request d) whether the sender has been contacted, their reply, and if the DPL/DPL's delegates interpreted the reply as "okay to publish" or a "don't reveal" request

- write some code that allows a DD to scroll through any emails in said database that they sent and easily supply gpg signed publish/keep-secret responses

- publish things that have been acked, verifiably against the cryptographic commitment (taking into account quoted messages and their acks)

- review interesting historical topics that haven't been acked and attempt to contact authors to get acks and publish them

- provide some way for DDs and DCs to review things that have been NAKed and see if there's anything iteresting to know, or if the reasons for keeping whatever it was private at one time are really still important


But given the failure of the last GR, I don't have much hope that we ever manage to declassify the old posts.

Jakub Wilk

Reply to: