On Sat, Dec 03, 2005 at 01:41:24PM +0100, Adrian von Bidder wrote: > > > The primary reason for this is that the existing messages were sent to > > > debian-private with an expectation of privacy. > > As Matthew pointed out in [0] this expectation of privacy isn't really > > that strong, fundamentally because -private is open to anyone who joins > > Debian, and Debian's open to anyone joining it. > But even taking into account anybody being theoretically able to join > Debian, a -private post being readable in tha archive is still a huge > difference to the same post being available via google and other search > tools.
This kind of brings to mind the opening chapter of the HHGTTG, where the plans on "public display" were in a locked filing cabinet in a disused lavatory in attic with no stairs or lights, with a sign saying "beware of the leopard", and a policy that no one should ever tell you about the plans in advance. The reason it brings that to mind is that if you're letting anyone access stuff, but possibly requiring them to go to some trouble to do so, then that's not actually that different from a pre-internet concept of "public availability". Right now, getting some of the more detailed breakdowns from the Australian Bureau of Statistics will easily cost you as your time going through n-m is probably worth, eg. Don't get me wrong, there's a real difference between having -private accessible to anyone as long as they go through n-m, just as there's a difference between ABS stats being available free or not. And you can certainly expect the less available info to be substantially more exclusive in both cases. But that's not enough to give you a pass for privacy concerns -- certainly in the ABS case, you don't want the for pay information to include private information of individual citizens any more than you want that in the free information. As far as I can see, similar reasoning applies for -private: sure, less people will see it, and maybe they'll be nicer people, just like you might hope that it'll mostly be university statisticians not organised criminals looking to steal identities or nosy neighbours looking for gossip buying data from the ABS. Basically, that's a "security by obscurity" approach -- things stay private as long as no one goes to the effort of snooping. And I mean, that's okay -- I'm not trying to argue -private should be done away in favour of purely public lists -- I'm just trying to get the point across that the idea that -private is a good place for secrets that shouldn't see the light of day already doesn't match reality. (As you might guess, I've been thinking about making -private less of a dark underbelly for Debian for a while already, and I hadn't thought the above through until writing it just now; so I'm not trying to say that the above's the final word or anything, just that, IMHO, there's more to this beyond the simple public/secret dichotomy) Cheers, aj
signature.asc
Description: Digital signature
