Okay, incorporating Manoj's proposed changes, and some other ideas: On Tue, Nov 15, 2005 at 12:08:15PM +1000, Anthony Towns wrote: > One of the issues Debian often stands for is transparency and openness > -- indeed, the openness of our bug tracking system is codified in the > Social Contract's statement "We will not hide problems". However, one > particular area of significance within the project is not open at all: > the debian-private mailing list. > > This list has hosted a number of significant discussions over the years, > including most of the discussion inspiring the original statement > of Debian's Social Contract and the Debian Free Software Guidelines, > the reinvetion of the new-maintainer process, debate on the qmail to > exim/postfix transition for Debian mail servers and more. This trend > continues today, with the six months just past have averaged around 190 > posts per month. > > Especially given Debian is the focus of academic work (such as Biella > Coleman's paper), and has inspired other groups to emulate our commitment > to free software and our community (GenToo, Wikipedia, the Open Directory > Project and OpenSolaris), we should make our discussions on issues like > these and the reasoning behind the solutions we adopt accessible to the > rest of humanity. > > I think the easiest way to do that is to adopt an approach similar to that > of governments that deal with classified documents; that is by setting a > specific time after which -private posts will be required to be considered > for declassification (ie, publication) and redacting only those posts (or > portions of posts) for which there's still a good reason to keep private.
Thus, I propose that the Debian project resolve that: --- In accordance with principles of openness and transparency, Debian will seek to declassify and publish posts of historical or ongoing significance made to the Debian Private Mailing List. This process will be undertaken under the following constraints: * The Debian Project Leader will delegate one or more volunteers to form the "debian-private declassification team". * The team will automatically declassify and publish posts made to that list that are three or more years old, with the following exceptions: - the author and other individuals quoted in messages being reviewed will be contacted, and allowed between four and eight weeks to comment; - posts that reveal financial information about individuals or organisations other than Debian, will have that information removed; - requests by the author of a post for that post not to be published will be honoured; - posts of no historical or other relevance, such as vacation announcements, or posts that have no content after personal information is removed, will not be published, unless the author requests they be published; - comments by others who would be affected by the publication of the post will also be taken into account by the declassification team; - the list of posts to be declassified will be made available to developers two weeks before publication, so that the decisions of the team may be overruled by the developer body by General Resolution, if necessary -- in the event such a resolution is introduced (ie, proposed and sponsored), the declassification and publication of messages specified by the resolution will be deferred until the resolution has been voted on. --- > According to the interweb, classified US government documents relating > to national security have to be released after at most ten years (unless > there're particular reasons to extend that); the oldest mail in the > -private archives turns ten on January 21st next year. I don't want to > see Debian be more secretive than the US military industrial complex :) > > And beyond that, there really are a lot of good ideas stuck in the > -private archives that it'd be nice to be able to refer to properly. The changes since the original: - authors have a veto over publication (Manoj's changes) - people quoted in messages rather than other recipients should be contacted - security problems don't get special treatment; they can be vetoed by the post's author though - specific details for overriding the team's decisions by the developers Seconds so far: Don Armstrong (original or Manoj's changes) Joey Hess (original only, no comment on Manoj's changes) Wouter Verhelst (Manoj's changes, no comment on original) Bas Zoetekouw (Manoj's changes, no comment on original) Daniel Ruoso (original preferred over Manoj's changes) Five's enough to second a proposal, but only if they all second the same one :) > Comments, suggestions and seconds appreciated. Cheers, aj
signature.asc
Description: Digital signature