On Thu, Sep 08, 2016 at 05:07:47PM +0100, Ian Jackson wrote: > As I read the messages the principles which are partly in conflict (or > which seem to be in conflict) are: I think the "conflict" runs much deeper in that we have different opinions on a) what a useful declassification is and b) who is responsible for d-private, which ends in: > 4. But, any weakening of the privacy expectations must not be > retrospective: changes should apply only to messages posted after > the rule change has come into force. That rule /might/ make sense if we are talking about fully automated declassification of everything at once – which is a pretty involved task I have a lot of sympathy for nobody tried that so far. If on the other hand we consider less than 100% a declassification already this rule blocks a lot of potentially interesting things from being released to the public about the past. Basic example: How many mails are sent to d-private each month? We know that for public archived lists. We even know that for less public lists like d-companies, but for d-private that is classified information… (that is perhaps not "weakening privacy" for an individual, but for the dev-body as a whole if your reading is very strict. Many things I am thinking of aren't directly related to individuals in fact…) My personal idea of declassification (I might or might not help with) was an archive with thread-view just like for the other lists, but everything (sender, subject, …) is classified by default. Then you can add little labels on the archive tagging VAC, never/maybe/always- declassify, expulsions, … messages as such (see also Enricos enhanced posting rules for future posts). Mislabeling has basically zero cost, so those could be done by tools. If you find volunteers publishing the subject lines could be attempt (volunteers as you would need to exclude expulsion/VAC messages and an error here has a cost). Perhaps we rule that for future posts the sender is auto-declassified (after a month perhaps – thinking of VAC messages here mostly). Maybe run an opt-in for past messages. Messages copied/forwarded to public lists could be declassified in full. And then, perhaps someday someone really tries to declassify a thread in full… all that is an implementation detail of a declassification through and don't really belong in a GR text nor in the discussion, but as many seem to be stuck in all or nothing… a) tl;dr: "divide et declassifia" That ties in directly to part b) of the conflict as no official document defines d-private (beside the GR2005 maybe implicitly), so it looks, walks and behaves like a service provided by listmasters just like the other lists which are under the authority of listmasters, but the last GR declares that a majority of developers don't trust listmasters enough in terms of d-private without further discussion… Or to answer that with my basic example for above again: Do I need to propose a GR to have the statistics image show traffic? The answer before 2005 is no (listmasters decide), after 2005 it is maybe (yes: another process was approved via GR, but no: the GR was not needed, but done as it was a major and "perhaps" controversial decision) and now it is yes until it is further discussed (and in this proposal it would be cemented as yes). b) tl;dr: "In listmasters we trust" Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature