Discomfort with Sourceforge

For a while now people have been expressing concern about Sourceforge's
continued hosting of the bitcoin-dev mailing list.  Downloads were moved
completely to bitcoin.org after the Sept 2014 hacking incident of the SF
project account.  The company's behavior and perceived stability have been
growing to be increasingly questionable.

http://www.theregister.co.uk/2013/11/08/gimp_dumps_sourceforge_over_dodgy_ads_and_installer

November 2013: GIMP flees SourceForge over dodgy ads and installer

https://lwn.net/Articles/646118/

May 28th, 2015: SourceForge replacing GIMP Windows downloads

http://seclists.org/nmap-dev/2015/q2/194

June 3rd, 2015: Sourceforge hijacked nmap's old site and downloads.

When this topic came up over the past two years, it seemed that most people
agreed it would be a good idea to move.  Someone always suggests Google
Groups as the replacement host.  Google is quickly shot down as too
controversial in this community, and it becomes an even more difficult
question as to who else should host it.  Realizing this is not so simple,
discussion then dies off until the next time somebody brings it up.

http://sourceforge.net/p/bitcoin/mailman/bitcoin-development/thread/1943127.DBnVxmfOIh%401337h4x0r/#msg34192607

Somebody brought it up again this past week.

It seems logical that an open discussion list is not a big deal to continue
to be hosted on Sourceforge, as there isn’t much they could do to screw it
up.  I personally think moving it away now would be seen as a gesture that
we do not consider their behavior to be acceptable.  There are also some
benefits in being hosted elsewhere, at an entity able to professionally
maintain their infrastructure while also being neutral to the content.

Proposal: Move Bitcoin Dev List to a Neutral Competent Entity

Bitcoin is a global infrastructure development project where it would be
politically awkward for any of the existing Bitcoin companies or orgs to
host due to questions it would raise about perceived political control.
For example, consider a bizarro parallel universe where MtGox was the
inventor of Bitcoin, where they hosted its development infrastructure and
dev list under their own name.  Even if what they published was 100%
technically and ideologically equivalent to the Bitcoin we know in our
dimension, most people wouldn't have trusted it merely due to appearances
and it would have easily gone nowhere.

I had a similar thought process last week when sidechains code was
approaching release. Sidechains, like Bitcoin itself, are intended to be a
generic piece of infrastructure (like ethernet?) that anyone can build upon
and use.  We thought about Google Groups or existing orgs that already host
various open source infrastructure discussion lists like the IETF or the
Linux Foundation.  Google is too controversial in this community, and the
IETF is seen as possibly too politically fractured.  The Linux Foundation
hosts a bunch of infrastructure lists
<https://lists.linuxfoundation.org/mailman/listinfo> and it seems that
nobody in the Open Source industry considers them to be particularly
objectionable.  I talked with LF about the idea of hosting generic
Bitcoin-related infrastructure development lists.  They agreed as OSS
infrastructure dev is already within their charter, so early this week
sidechains-dev list began hosting there.

>From the perspective of our community, for bitcoin-dev it seems like a
great fit.  Why?  While they are interested in supporting general open
source development, the LF has literally zero stake in this.  In addition
to neutrality, they seem to be suitable as a competent host.  They have
full-time sysadmins maintaining their infrastructure including the Mailman
server. They are soon upgrading to Mailman 3 <http://wiki.list.org/Mailman3>,
which means mailing lists would benefit from the improved archive browser.
I am not personally familiar with HyperKitty, but the point here is they
are a stable non-profit entity who will competently maintain and improve
things like their Mailman deployment (a huge improvement over the stagnant
Sourceforge).  It seems that LF would be competent, neutral place to host
dev lists for the long-term.

To be clear, this proposal is only about hosting the discussion list.  The
LF would have no control over the Bitcoin Project, as no single entity
should.

Proposed Action Plan


   -

   Discuss this openly within this community.  Above is one example of a
   great neutral and competent host.  If the technical leaders here can agree
   to move to a particular neutral host then we do it.
   -

   Migration: The current list admins become the new list admins.  We
   import the entire list archive into the new host's archives for user
   convenience.
   -

   http://sourceforge.net/p/bitcoin/mailman/  Kill bitcoin-list and
   bitcoin-test.  Very few people actually use it.  Actually, let's delete the
   entire Bitcoin Sourceforge project as its continued existence serves no
   purpose and it only confuses people who find it.  By deletion, nobody has
   to monitor it for a repeat of the Sept 2014 hacking incident
   <https://www.phoronix.com/scan.php?page=news_item&px=MTc4Mzg> or GIMP-type
   hijacking <https://lwn.net/Articles/646118/>?
   -

   The toughest question would be the appropriateness of auto-importing the
   subscriber list to another list server, as mass imports have a tendency to
   upset people.


Thoughts?

Warren Togami
------------------------------------------------------------------------------
_______________________________________________
Bitcoin-development mailing list
Bitcoin-development@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-development

Reply via email to