On Fri, Nov 05, 2010 at 01:46:07PM +0100, David Kastrup wrote: > Graham Percival <gra...@percival-music.ca> writes: > > > ------ from my comment 3 > > Before discussing anything specific, I want to settle the abstract > > question "should an OSS project have any kind of private mailing > > list?". You have two options: > > Unpatched security flaws affect a small circle of people when we are > talking about server security, and a possibly large circle when we are > talking about application security.
But should any discussion of those security flaws and work on patches be made on a private, non-public mailing list? > Commit access affects a different small circle of people. If somebody > uses Savannah to ask for commit access for CVS-based projects, a mail > will be sent to all people with project administrator status. A similar > setting would seem to apply for git access. But should any discussion about granting that access be made on a private, non-public mailing list? > Both scenarios involve a clearly-defined set of principally responsible > people, defined by technical necessities rather than a fuzzy "people > we(tm) feel good about" criterion. There is no technical necessity for either of those discussions to be private. There are a small number of people who are able (technically) to give that access, but that is not a social/organizational reason against having a larger discussion about it. The "fuzzy" comment is a complete non-sequeteur when we are debating the abstract notion of a private mailing list. > I am not particularly emotionally affected, merely trying to explain why > others might feel more strongly about this. I know why others might feel more strongly about it. If others had a bloody brain on their shoulders, and actually read what I wrote, and actually thought about what it meant, instead of going on an insane backstabbing rant, they might realize that my motives are exactly the same as theirs. I repeat: do you (not necessarily "David", but "anybody") agree that an OSS project can, in theory, have some kind of private mailing list? If not -- and if you (again, a general "you") really feel that we need to delay 2.14 in order to debate this -- then let's debate the abstract question. For the record, I believe that in some cases, a private mailing list is appropriate. I believe there is ample evidence that other projects have reached the same conclusion. I believe that at least one set of guidelines for runnning OSS projects explicitly recommends such a list. If you -- all of you -- agree that in some cases, a private mailing list is appropriate, then we could move on to the next step. Which case(s) are appropriate for lilypond, how should it be organized, etc. If you think it's worth delaying 2.14 in order to debate this. - Graham _______________________________________________ lilypond-devel mailing list lilypond-devel@gnu.org http://lists.gnu.org/mailman/listinfo/lilypond-devel