Re: Proposed GR: Repeal the 2005 vote for declassification of the debian-private mailing list

[Bas Wijnen <wijnen@debian.org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Sep 16, 2016 at 08:27:13AM +0000, Anthony Towns wrote:
> > I now also tend to think that we, as a collection of individuals, also need 
> > some sort of "safe space" to discuss certain things, that can't be public. 
> 
> FWIW, that's pretty much exactly what I mean by "don't care that much
> about transparency".

By that definition, I think most people don't care about it.  I expect everyone
at times wants to discuss something privately among friends.  And while Debian
is a very technical project, it is also a group of friends, and that aspect is
important to many people.  If you say "That's not what Debian is meant for, and
we should make it impossible", I strongly disagree.  While it probably wasn't
intended, it being a group of friends is very good for the project and a
private communication channel strengthens this function.

> ie, sure you care about it -- and don't get me wrong, that's great --
> but you're not really that interested in going much beyond what every
> other open source project these days does.

Yes.  But Debian does request that -private is not used for technical
discussions, and IME when it is, there is either a reason for it or there are
reminders about it immediately and the discussion is moved elsewhere.

Which leads me to a repeat of a point I've seen before (and I didn't follow the
entire discussion, so I may have missed an answer to it): are there any
examples of threads that the public would benefit from if they were made
public?  (Obviously don't quote them here on -vote, but you can talk about what
kind of messages this is about.)  I can't think of anything for which all the
following are true:
- - It is a thread on -private
- - It does not need to be private anymore
- - There is value is making it public
- - It is not feasable to contact the authors

If nobody can be bothered to contact the authors, I'd say there is not enough
value in making it public.  If you think contacting the authors is too hard,
and want to write a program to make it easier, nobody's stopping you.  And no
GR is needed for doing that.

However, your plan to automatically redact emails sounds dangerous; I would
rather see that any email which contains parts of classified emails remain
entirely classified itself.  The risk of accidentilly publicizing something
that shouldn't have been is much larger than the risk of not publicizing
something that should have been.  I believe that especially because my estimate
is that almost no email should be made public.

> Pretty much all those things are or were hard and people will give you plenty
> of reasons why you'd be crazy to do any of them.

Sure, but those all have value.  They make the technical side of the project
more accessible to others.  Making parts of -private public will do the same
for the social side, which has obvious downsides (it makes it less safe to post
there) and not really any upsides that I can see.  Theoretically it could, if
we would be abusing -private for threads that don't belong there, because it
would limit the damage of that abuse.  But that doesn't happen much, and those
threads usually migrate to a public list soon enough.

Perhaps for some threads an expiration date would make sense.  However, that is
rare and it would be much easier to just post a header to the first message of
such a thread, that it will be made public after a certain date; perhaps add a
marker to the subject as well.  Then it's clear to everyone that posting in
that thread is similar to posting to a public list.

> > "[...] We promise (and have all members as testimonials) to restrict it's
> > usage to topics that really need to be private"

We already have that in less strong terms, and it works fine as far as I know.

At least I cannot think of a single message I've seen on -private for which I
believe there is value is making it public.

Thanks,
Bas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJX2+V0AAoJEJzRfVgHwHE6GlEQAIEnrOLELMih6Gz6sV6b0aJp
sDFXg54eByU1INreFAvkvK5HG3qrYFym/h4Yx9/q1NAwvST/LJFCCjcoZoQMyNw4
fnLAaRR+YkUF4T88jEqX4IS9PCGFi6EtJOki/2O97gBYkyhIWPEaH/6mMcYGVg4A
BNkw7cRuu+OvsygWEC1nulT45Wh4ml71DMQesTOL1WFw9pycPt+d3TubGBYRgpsy
tNCdc8HbEC9C3DEh6e+o5K3DdRTabGkDEJWWsXUrWMuGp91zhF0X3iV0V6QlRpzJ
JjYo6kAhhj34wc+8jMeSCLw4UGHEqsq4oKvSbtW7/ZHDvEH9yjathiy5YJje48A2
PD2KrZuV31viXiUtNWDyO7wh5W1xkepFoVBFl6rx9P/aFMvQ1/dJ39q3YFJHiWKO
sRWTFc9655rnIvtwQ2D5lZxycVmZzKYTep8aXTywDfxsZWjJaRtk6K9U7PX2S78H
DBM/0kyRcw4A7FNM7qxpNnejFaQyictgYdqPXot52+0s0v3eclkyNBi74VuLI9b0
JVI2ztnCUxtowmZmXCHCtryacqQ2QvzObfjc2d6myUAwIlJeSNz5K+QJYDFZb7pb
gxjgfnDPD9GhQXr32wHhb3VP211RmIGVfnqdhj9AHVZcYtiUQCCufO7HGOpnaGb8
Fh478HULsWXSRPJGQEhr
=4F/i
-----END PGP SIGNATURE-----