Re: Alternate proposal for Declassification of debian-private archives

2005-12-04 Thread Hamish Moffatt
On Thu, Dec 01, 2005 at 08:32:59AM -0600, Manoj Srivastava wrote:
 -   - requests by the author of a post for that post not to be published
 - will be honoured;
 +   - If the author makes a resonable case that some material is
 + sensitive, then that material is redacted from that post and any
 + other post where it has been quoted
 +
 +   - If the author indicates he does not wish to be associated with a
 + post, any identifying information is redacted from that post, 
 + and any quotes in subsequent posts, but the rest of the material
 + is published.

This policy is less generous than Aj's original proposal - the author
cannot veto for unreasonable reasons, only request anonymity. I think 
it's right to clarify the situation for quotes, but a full veto as per 
the original proposal is also desirable.


Hamish
-- 
Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]



Re: Alternate proposal for Declassification of debian-private archives

2005-12-02 Thread Simon Richter

Hi,

Jérôme Marant wrote:

    - the list of posts to be declassified will be made available to
      developers two weeks before publication, so that the decisions

   Two weeks is too short to review, IMO.

  I didn't read that as a hard time limit between announcement and
  publication, but rather as the minimum wait time.

 I'd like a confirmation if possible.

confirmation as in the drafters of this proposal thought of it this
way, or as in there needs to be positive confirmation on -private
before publishing a post? In the former case, this should be spelled
out in the GR, in the latter I think it is unnecessary since everyone
actively involved in the postings in question have already been asked
and it's more of a speak up now or remain forever silent.


   Simon



signature.asc
Description: OpenPGP digital signature


Re: Alternate proposal for Declassification of debian-private archives

2005-12-02 Thread Paul Hedderly
My biggest problem with all this is that it's gonna mean a lot of work -
for the 'declassifying team' and for people who want to be bothered
about commenting on the process in respect of particular email. That's
time that I feel could be better spent.

I do understand the motives...

--
Paul

On Thu, Dec 01, 2005 at 08:32:59AM -0600, Manoj Srivastava wrote:
 Hi,
 
 
 Rationale:
 
   I have been thinking about the kinds of reasons for not
  wanting to have a post to -private published. I came up with two
  major (reasonable) scenarios:
 
   a) The post contained sensitive material.
 
 In this case, if a reasonable case has been made for the
 material being sensitive, and one that the declassification
 teams accepted, then the material should be redacted from the
 post, and every post it has been quoted in. If it is sensitive
 in one post, it is sensitive in another.
 
   b) I do not want to be associated with the post in question
 
 In other words, if this showed up in google it may hurt my
 future job prospects post ;-). In this case, the post can be
 published, just every identifying  bit about the author needs
 be redacted from this post and the quotes.
 
  This latter action would, in my opinion, allow more of some
  informative, though heated, discussions to be available to posterity
  grin.
 
 Also, we are, in effect, considering retroactively overturning
  a published privacy policy; I think that we do need to state up front
  that the copyright holders wishes would be heeded, even when the post
  in question is quoted in other emails.
 
 Here is a diff from AJ's proposal. I am now formally seeking
  seconds for this modified proposal, which has explicit guidelines for
  the most common case for not wanting the posts to be published.
 
 manoj
 
 --
 In accordance with principles of openness and transparency, Debian will
 seek to declassify and publish posts of historical or ongoing significance
 made to the Debian Private Mailing List.
 
 This process will be undertaken under the following constraints:
 
   * The Debian Project Leader will delegate one or more volunteers
 to form the debian-private declassification team.
 
   * The team will automatically declassify and publish posts made to
 that list that are three or more years old, with the following
 exceptions:
 
 - the author and other individuals quoted in messages being reviewed
   will be contacted, and allowed between four and eight weeks
   to comment;
 
 - posts that reveal financial information about individuals or
   organisations other than Debian, will have that information
   removed;
 
 -   - requests by the author of a post for that post not to be published
 - will be honoured;
 +   - If the author makes a resonable case that some material is
 + sensitive, then that material is redacted from that post and any
 + other post where it has been quoted
 +
 +   - If the author indicates he does not wish to be associated with a
 + post, any identifying information is redacted from that post, 
 + and any quotes in subsequent posts, but the rest of the material
 + is published.
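
Review bot: the first added bullet turns on a "resonable case" but does not say who judges it. The rationale earlier in this message says the case must be one the declassification team accepted, so the bullet should name the team as the decider. The same bullet ends at "where it has been quoted" without the ";" that the sibling items use, and "resonable" should read "reasonable".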
 
 - posts of no historical or other relevance, such as vacation
 - announcements, or posts that have no content after personal
 + announcements, or posts that have no content after
   information is removed, will not be published, unless the author
   requests they be published;
 
 - comments by others who would be affected by the publication of
   the post will also be taken into account by the declassification
   team;
 
 - the list of posts to be declassified will be made available to
   developers two weeks before publication, so that the decisions
   of the team may be overruled by the developer body by General
   Resolution, if necessary -- in the event such a resolution is
   introduced (ie, proposed and sponsored), the declassification
   and publication of messages specified by the resolution will be
   deferred until the resolution has been voted on.
 ---
 
 -- 
 Happiness adds and multiplies as we divide it with others.
 Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
 1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C






Re: Alternate proposal for Declassification of debian-private archives

2005-12-02 Thread Manoj Srivastava
On Fri, 2 Dec 2005 12:35:28 +1000, Anthony Towns aj@azure.humbug.org.au said: 

 (Followups to -vote)
 On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote:
 The primary reason for this is that the existing messages were sent
 to debian-private with an expectation of privacy.

 As Matthew pointed out in [0] this expectation of privacy isn't
 really that strong, fundamentally because -private is open to anyone
 who joins Debian, and Debian's open to anyone joining it.

It would appear your expectations are wildly different from
 mine. Given the figure of the number of people in defence and
 information technology fields in the US, and the number of US
 based DD's who have ever been in Debian since the inception of the
 project; the expectation of having a compromising post being known to
 a potential employer is of the order of one in 5000 to one in 1,
 computing very conservatively.

Seems like pretty darn decent numbers to me, compared to the
 alternative of making the post available where any Tom, Dick, or
 Harry can just enter my name in google and get a hit.

manoj
-- 
(null cookie; hope that's ok)
Manoj Srivastava   [EMAIL PROTECTED]  http://www.debian.org/%7Esrivasta/
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C





Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Jérôme Marant
Quoting Manoj Srivastava [EMAIL PROTECTED]:


   * The team will automatically declassify and publish posts made to
 that list that are three or more years old, with the following
 exceptions:

 - the author and other individuals quoted in messages being reviewed
   will be contacted, and allowed between four and eight weeks
   to comment;

What is this supposed to mean? If no comments have been made by the
author for eight weeks, messages will be automatically declassified?
It looks like a kind of opt out to me.

 - posts that reveal financial information about individuals or
   organisations other than Debian, will have that information
   removed;

 -   - requests by the author of a post for that post not to be published
 - will be honoured;
 +   - If the author makes a resonable case that some material is
 + sensitive, then that material is redacted from that post and any
 + other post where it has been quoted

Why is this necessary in addition to the following paragraph? Maybe I
did not understand correctly.

 +   - If the author indicates he does not wish to be associated with a
 + post, any identifying information is redacted from that post,
 + and any quotes in subsequent posts, but the rest of the material
 + is published.

 - posts of no historical or other relevance, such as vacation
 - announcements, or posts that have no content after personal
 + announcements, or posts that have no content after
   information is removed, will not be published, unless the author
   requests they be published;

 - comments by others who would be affected by the publication of
   the post will also be taken into account by the declassification
   team;

 - the list of posts to be declassified will be made available to
   developers two weeks before publication, so that the decisions

Two weeks is too short to review, IMO.

--
Jérôme Marant





Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Simon Richter

Hello,

Jérôme Marant wrote:

 What is this supposed to mean? If no comments have been made by the
 author for eight weeks, messages will be automatically declassified?
 It looks like a kind of opt out to me.

True. It may be an idea to have another proposed amendment reversing the
logic, and see how the people decide.

[two paragraphs about redacting articles]

 Why is this necessary in addition to the following paragraph? Maybe I
 did not understand correctly.

I think it's meant to show that there is the option of removing personal
information but leaving the remainder of the post unchanged. If no such
paragraph were present, people would simply say no and not think about
the option. It's not a formal necessity, but since this GR is not going
to become part of the constitution but rather a guideline on how to act,
it is a good thing to spell everything out.

  - the list of posts to be declassified will be made available to
    developers two weeks before publication, so that the decisions

 Two weeks is too short to review, IMO.

I didn't read that as a hard time limit between announcement and
publication, but rather as the minimum wait time.


   Simon





Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Adrian von Bidder
On Thursday 01 December 2005 15.32, Manoj Srivastava wrote:
 +   - If the author indicates he does not wish to be associated with a
 +     post, any identifying information is redacted from that post,
 +     and any quotes in subsequent posts, but the rest of the material
 +     is published.

Problem: it may still be easy to associate a post to its author based on 
context, writing style, ...  These sidechannel attacks are impossible to 
avoid if text is made public.

-- vbi

-- 
Beware of the FUD - know your enemies. This week
* The Alexis de Toqueville Institue *
http://fortytwo.ch/opinion/adti




Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Joey Hess
Manoj Srivastava wrote:
   a) The post contained sensitive material.
 
 In this case, if a reasonable case has been made for the
 material being sensitive, and one that the declassification
 teams accepted, then the material should be redacted from the
 post, and every post it has been quoted in. If it is sensitive
 in one post, it is sensitive in another.

I'd kind of expect that to be done anyway under AJ's proposal. After
all, AJ's proposal says that the author of a post can request for it not
to be published, and for example by contributing the quoted material
above and below, you are a part author of this post that I am writing
now.

   b) I do not want to be associated with the post in question
 
 In other words, if this showed up in google it may hurt my
 future job prospects post ;-). In this case, the post can be
 published, just every identifying  bit about the author needs
 be redacted from this post and the quotes.

Successfully doing this could be quite hard, perhaps much harder than it
first appears. I've seen some interesting research in these areas that
indicates that it's much harder than would be expected to post
anonymously, and that elements such as style, time of day, etc can be
very effective in tracing an anonymised post back to its author. I don't
have URLs for the studies handy but I could dig them up.

For a more personal take on it, note that I am reasonably sure that
I can identify any text of more than a few words that you've written in
the past 10 years or so in Debian -- I know you, I know the identifying
characteristics of your text and even some of your common typo forms.
It's quite possible you have the same ability to identify text I have
written. This makes obfuscation difficult.

If I were part of the declassification team (and yes, I do plan to
volunteer to be on it), I would consider this obfuscation to be too
challenging to do, and would have to treat requests to do it as requests
to not publish the post and derivatives. Which makes your proposal have
an identical result as AJ's.

-- 
see shy jo




Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Joey Hess
Here are the urls I didn't find for my other post:

http://vitanuova.loyalty.org/nb/nb.cgi/view/vitanuova/2005/03/13/0
http://www.usenix.org/publications/library/proceedings/sec2000/full_papers/rao/rao.pdf
http://vitanuova.loyalty.org/NewsBruiser-2.6.1/nb.cgi/view/vitanuova/2005/04/06/0
http://en.wikipedia.org/wiki/Stylometry
http://www.sciencenews.org/articles/20031220/bob8.asp

-- 
see shy jo




Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Jérôme Marant
Simon Richter [EMAIL PROTECTED] writes:

 Hello,

 Jérôme Marant wrote:

 What is this supposed to mean? If no comments have been made by the
 author for eight weeks, messages will be automatically declassified?
 It looks like a kind of opt out to me.

 True. It may be an idea to have another proposed amendment reversing the 
 logic, and see how the people decide.

I agree.

 [two paragraphs about redacting articles]

 Why is this necessary in addition to the following paragraph? Maybe I
 did not understand correctly.

 I think it's meant to show that there is the option of removing personal 
 information but leaving the remainder of the post unchanged. If no such 
 paragraph were present, people would simply say no and not think about 
 the option. It's not a formal necessity, but since this GR is not going 
 to become part of the constitution but rather a guideline on how to act, 
 it is a good thing to spell everything out.

I see. Thank you.

- the list of posts to be declassified will be made available to
  developers two weeks before publication, so that the decisions

 Two weeks is too short to review, IMO.

 I didn't read that as a hard time limit between announcement and 
 publication, but rather as the minimum wait time.

I'd like a confirmation if possible.

Thanks.

-- 
Jérôme Marant



Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Robert Collins
On Thu, 2005-12-01 at 08:32 -0600, Manoj Srivastava wrote:
 Hi,
 
 
...
 - the author and other individuals quoted in messages being reviewed
   will be contacted, and allowed between four and eight weeks
   to comment;

I think the default behaviour should be to keep the post private, not to
open it up. That is, if the author and other individuals do not reply,
the message is kept hidden.

The primary reason for this is that the existing messages were sent to
debian-private with an expectation of privacy. Folk that have changed
address or become otherwise not-immediately available may still care,
and the principle of least surprise should apply.

We can however change the expectations for new messages being sent to
debian-private, and in 3 years *they* would become public by default.

Rob

-- 
GPG key available at: http://www.robertcollins.net/keys.txt.




Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Dave Holland
On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote:
 I think the default behaviour should be to keep the post private, not to
 open it up. That is, if the author and other individuals do not reply,
 the message is kept hidden.
 
 The primary reason for this is that the existing messages were sent to
 debian-private with an expectation of privacy. Folk that have changed
 address or become otherwise not-immediately available may still care,
 and the principle of least surprise should apply.
 
 We can however change the expectations for new messages being sent to
 debian-private, and in 3 years *they* would become public by default.

Seconded, on all points, for the same reasons.

Dave




Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread sean finney
On Thu, Dec 01, 2005 at 09:56:48PM +, Dave Holland wrote:
 On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote:
  I think the default behaviour should be to keep the post private, not to
  open it up. That is, if the author and other individuals do not reply,
  the message is kept hidden.
  
  The primary reason for this is that the existing messages were sent to
  debian-private with an expectation of privacy. Folk that have changed
  address or become otherwise not-immediately available may still care,
  and the principle of least surprise should apply.
  
  We can however change the expectations for new messages being sent to
  debian-private, and in 3 years *they* would become public by default.
 
 Seconded, on all points, for the same reasons.

Thirded.


sean

-- 




Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Daniel Ruoso
On Thu, 2005-12-01 at 08:32 -0600, Manoj Srivastava wrote:
   a) The post contained sensitive material.
 In this case, if a reasonable case has been made for the
 material being sensitive, and one that the declassification
 teams accepted, then the material should be redacted from the
 post, and every post it has been quoted in. If it is sensitive
 in one post, it is sensitive in another.

So it's not a declassification after all, it's just a process of
getting the posts that shouldn't be on -private out of it

It's obvious to me that many posts on -private are there because they
*are* sensitive material, and if we're not going to open that, then it's
not declassification at all.

This is a hard decision, I know, but that's why it is a GR. The question
is if we do want to expose our internals! if we do, we should really do
it, not just publish some selected things, it can't be called
declassification if we select which materials are of our interest to be
public.

daniel

P.S.: I know, the current proposal isn't exactly that way (I agreed to
make it happen), but this alternate proposal is getting too far from the
original idea.





Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Anthony Towns
(Followups to -vote)

On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote:
 The primary reason for this is that the existing messages were sent to
 debian-private with an expectation of privacy.

As Matthew pointed out in [0] this expectation of privacy isn't really
that strong, fundamentally because -private is open to anyone who joins
Debian, and Debian's open to anyone joining it.

[0] http://lists.debian.org/debian-vote/2005/11/msg00033.html

Cheers,
aj





Re: Alternate proposal for Declassification of debian-private archives

2005-12-01 Thread Robert Collins
On Fri, 2005-12-02 at 12:35 +1000, Anthony Towns wrote:
 (Followups to -vote)
 
 On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote:
  The primary reason for this is that the existing messages were sent to
  debian-private with an expectation of privacy.
 
 As Matthew pointed out in [0] this expectation of privacy isn't really
 that strong, fundamentally because -private is open to anyone who joins
 Debian, and Debian's open to anyone joining it.
 
 [0] http://lists.debian.org/debian-vote/2005/11/msg00033.html

Part of becoming a member is agreeing to uphold the policies of Debian
- such as the privacy of closed lists. (I don't recall exactly where I
read that, but I do recall reading it).

Current population is what 6 Billion?
Active members ~800 ?

I think there is a freaking huge difference between 'anyone who shows
the interest, effort, sanity and reliability needed to pass NM can read
my posts' and 'Jack The Ripper in outer mongolia can read them.'

Rob

-- 
GPG key available at: http://www.robertcollins.net/keys.txt.

