Re: Alternate proposal for Declassification of debian-private archives
On Thu, Dec 01, 2005 at 08:32:59AM -0600, Manoj Srivastava wrote: - - requests by the author of a post for that post not to be published - will be honoured; + - If the author makes a resonable case that some material is + sensitive, then that material is redacted from that post and any + other post where it has been quoted + + - If the author indicates he does not wish to be associated with a + post, any identifying information is redacted from that post, + and any quotes in subsequent posts, but the rest of the material + is published. This policy is less generous than Aj's original proposal - the author cannot veto for unreasonable reasons, only request anonymity. I think it's right to clarify the situation for quotes, but a full veto as per the original proposal is also desirable. Hamish -- Hamish Moffatt VK3SB [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: Alternate proposal for Declassification of debian-private archives
Hi, Jérôme Marant wrote: - the list of posts to be declassified will be made available to developers two weeks before publication, so that the decisions Two weeks is too short to review, IMO. I didn't read that as a hard time limit between announcement and publication, but rather as the minimum wait time. I'd like a confirmation if possible. Confirmation as in the drafters of this proposal thought of it this way, or as in there needs to be positive confirmation on -private before publishing a post? In the former case, this should be spelled out in the GR, in the latter I think it is unnecessary since everyone actively involved in the postings in question has already been asked and it's more of a speak up now or remain forever silent. Simon
Re: Alternate proposal for Declassification of debian-private archives
My biggest problem with all this is that it's gonna mean a lot of work - for the 'declassifying team' and for people who want to be bothered about commenting on the process in respect of particular email. That's time that I feel could be better spent. I do understand the motives... -- Paul On Thu, Dec 01, 2005 at 08:32:59AM -0600, Manoj Srivastava wrote: Hi, Rationale: I have been thinking about the kinds of reasons for not wanting to have a post to -private published. I came up with two major (reasonable) scenarios: a) The post contained sensitive material. In this case, if a reasonable case has been made for the material being sensitive, and one that the declassification teams accepted, then the material should be redacted from the post, and every post it has been quoted in. If it is sensitive in one post, it is sensitive in another. b) I do not want to be associated with the post in question In other words, if this showed up in google it may hurt my future job prospects post ;-). In this case, the post can be published, just every identifying bit about the author needs be redacted from this post and the quotes. This latter action would, in my opinion, allow more of some informative, though heated, discussions to be available to posterity grin. Also, we are, in effect, considering retroactively overturning a published privacy policy; I think that we do need to state up front that the copyright holders' wishes would be heeded, even when the post in question is quoted in other emails. Here is a diff from AJ's proposal. I am now formally seeking seconds for this modified proposal, which has explicit guidelines for the most common case for not wanting the posts to be published. manoj -- In accordance with principles of openness and transparency, Debian will seek to declassify and publish posts of historical or ongoing significance made to the Debian Private Mailing List. 
This process will be undertaken under the following constraints: * The Debian Project Leader will delegate one or more volunteers to form the debian-private declassification team. * The team will automatically declassify and publish posts made to that list that are three or more years old, with the following exceptions: - the author and other individuals quoted in messages being reviewed will be contacted, and allowed between four and eight weeks to comment; - posts that reveal financial information about individuals or organisations other than Debian, will have that information removed; - - requests by the author of a post for that post not to be published - will be honoured; + - If the author makes a resonable case that some material is + sensitive, then that material is redacted from that post and any + other post where it has been quoted + + - If the author indicates he does not wish to be associated with a + post, any identifying information is redacted from that post, + and any quotes in subsequent posts, but the rest of the material + is published. - posts of no historical or other relevance, such as vacation - announcements, or posts that have no content after personal + announcements, or posts that have no content after information is removed, will not be published, unless the author requests they be published; - comments by others who would be affected by the publication of the post will also be taken into account by the declassification team; - the list of posts to be declassified will be made available to developers two weeks before publication, so that the decisions of the team may be overruled by the developer body by General Resolution, if necessary -- in the event such a resolution is introduced (ie, proposed and sponsored), the declassification and publication of messages specified by the resolution will be deferred until the resolution has been voted on. --- -- Happiness adds and multiplies as we divide it with others. 
Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
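Review bot: the second hunk drops the word "personal" from "posts that have no content after personal information is removed", and the rationale never mentions this change; if the intent is to cover material redacted as sensitive as well as personal details, the resolution text should say so explicitly, otherwise the word should be restored. In the first hunk, "resonable" should be "reasonable", and the two added list items should end with ";" like the surrounding items: the first has no terminator and the second ends with a full stop in mid-list. The first added item also leaves open who judges whether the author's case is reasonable; the rationale says the declassification team accepts it, and the resolution text should name that team.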
Re: Alternate proposal for Declassification of debian-private archives
On Fri, 2 Dec 2005 12:35:28 +1000, Anthony Towns aj@azure.humbug.org.au said: (Followups to -vote) On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote: The primary reason for this is that the existing messages were sent to debian-private with an expectation of privacy. As Matthew pointed out in [0] this expectation of privacy isn't really that strong, fundamentally because -private is open to anyone who joins Debian, and Debian's open to anyone joining it. It would appear your expectations are wildly different from mine. Given the figure of the number of people in defence and information technology fields in the US, and the number of US based DD's who have ever been in Debian since the inception of the project; the expectation of having a compromising post being known to a potential employer is of the order of one in 5000 to one in 1, computing very conservatively. Seems like pretty darn decent numbers to me, compared to the alternative of making the post available where any Tom, Dick, or Harry can just enter my name in google and get a hit. manoj -- (null cookie; hope that's ok) Manoj Srivastava [EMAIL PROTECTED] http://www.debian.org/%7Esrivasta/ 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Re: Alternate proposal for Declassification of debian-private archives
Quoting Manoj Srivastava [EMAIL PROTECTED]: * The team will automatically declassify and publish posts made to that list that are three or more years old, with the following exceptions: - the author and other individuals quoted in messages being reviewed will be contacted, and allowed between four and eight weeks to comment; What is this supposed to mean? If no comments have been made by the author for eight weeks, messages will be automatically declassified? It looks like a kind of opt out to me. - posts that reveal financial information about individuals or organisations other than Debian, will have that information removed; - - requests by the author of a post for that post not to be published - will be honoured; + - If the author makes a resonable case that some material is + sensitive, then that material is redacted from that post and any + other post where it has been quoted Why is this necessary in addition to the following paragraph? Maybe I did not understand correctly. + - If the author indicates he does not wish to be associated with a + post, any identifying information is redacted from that post, + and any quotes in subsequent posts, but the rest of the material + is published. - posts of no historical or other relevance, such as vacation - announcements, or posts that have no content after personal + announcements, or posts that have no content after information is removed, will not be published, unless the author requests they be published; - comments by others who would be affected by the publication of the post will also be taken into account by the declassification team; - the list of posts to be declassified will be made available to developers two weeks before publication, so that the decisions Two weeks is too short to review, IMO. -- Jérôme Marant
Re: Alternate proposal for Declassification of debian-private archives
Hello, Jérôme Marant wrote: What is this supposed to mean? If no comments have been made by the author for eight weeks, messages will be automatically declassified? It looks like a kind of opt out to me. True. It may be an idea to have another proposed amendment reversing the logic, and see how the people decide. [two paragraphs about redacting articles] Why is this necessary in addition to the following paragraph? Maybe I did not understand correctly. I think it's meant to show that there is the option of removing personal information but leaving the remainder of the post unchanged. If no such paragraph were present, people would simply say no and not think about the option. It's not a formal necessity, but since this GR is not going to become part of the constitution but rather a guideline on how to act, it is a good thing to spell everything out. - the list of posts to be declassified will be made available to developers two weeks before publication, so that the decisions Two weeks is too short to review, IMO. I didn't read that as a hard time limit between announcement and publication, but rather as the minimum wait time. Simon
Re: Alternate proposal for Declassification of debian-private archives
On Thursday 01 December 2005 15.32, Manoj Srivastava wrote: + - If the author indicates he does not wish to be associated with a + post, any identifying information is redacted from that post, + and any quotes in subsequent posts, but the rest of the material + is published. Problem: it may still be easy to associate a post to its author based on context, writing style, ... These sidechannel attacks are impossible to avoid if text is made public. -- vbi -- Beware of the FUD - know your enemies. This week * The Alexis de Toqueville Institue * http://fortytwo.ch/opinion/adti
Re: Alternate proposal for Declassification of debian-private archives
Manoj Srivastava wrote: a) The post contained sensitive material. In this case, if a reasonable case has been made for the material being sensitive, and one that the declassification teams accepted, then the material should be redacted from the post, and every post it has been quoted in. If it is sensitive in one post, it is sensitive in another. I'd kind of expect that to be done anyway under AJ's proposal. After all, AJ's proposal says that the author of a post can request for it not to be published, and for example by contributing the quoted material above and below, you are a part author of this post that I am writing now. b) I do not want to be associated with the post in question In other words, if this showed up in google it may hurt my future job prospects post ;-). In this case, the post can be published, just every identifying bit about the author needs be redacted from this post and the quotes. Successfully doing this could be quite hard, perhaps much harder than it first appears. I've seen some interesting research in these areas that indicates that it's much harder than would be expected to post anonymously, and that elements such as style, time of day, etc can be very effective in tracing an anonymised post back to its author. I don't have URLs for the studies handy but I could dig them up. For a more personal take on it, note that I am reasonably sure that I can identify any text of more than a few words that you've written in the past 10 years or so in Debian -- I know you, I know the identifying characteristics of your text and even some of your common typo forms. It's quite possible you have the same ability to identify text I have written. This makes obfuscation difficult. If I were part of the declassification team (and yes, I do plan to volunteer to be on it), I would consider this obfuscation to be too challenging to do, and would have to treat requests to do it as requests to not publish the post and derivatives. 
Which makes your proposal have an identical result as AJ's. -- see shy jo
Re: Alternate proposal for Declassification of debian-private archives
Here are the urls I didn't find for my other post: http://vitanuova.loyalty.org/nb/nb.cgi/view/vitanuova/2005/03/13/0 http://www.usenix.org/publications/library/proceedings/sec2000/full_papers/rao/rao.pdf http://vitanuova.loyalty.org/NewsBruiser-2.6.1/nb.cgi/view/vitanuova/2005/04/06/0 http://en.wikipedia.org/wiki/Stylometry http://www.sciencenews.org/articles/20031220/bob8.asp -- see shy jo
Re: Alternate proposal for Declassification of debian-private archives
Simon Richter [EMAIL PROTECTED] writes: Hello, Jérôme Marant wrote: What is this supposed to mean? If no comments have been made by the author for eight weeks, messages will be automatically declassified? It looks like a kind of opt out to me. True. It may be an idea to have another proposed amendment reversing the logic, and see how the people decide. I agree. [two paragraphs about redacting articles] Why is this necessary in addition to the following paragraph? Maybe I did not understand correctly. I think it's meant to show that there is the option of removing personal information but leaving the remainder of the post unchanged. If no such paragraph were present, people would simply say no and not think about the option. It's not a formal necessity, but since this GR is not going to become part of the constitution but rather a guideline on how to act, it is a good thing to spell everything out. I see. Thank you. - the list of posts to be declassified will be made available to developers two weeks before publication, so that the decisions Two weeks is too short to review, IMO. I didn't read that as a hard time limit between announcement and publication, but rather as the minimum wait time. I'd like a confirmation if possible. Thanks. -- Jérôme Marant
Re: Alternate proposal for Declassification of debian-private archives
On Thu, 2005-12-01 at 08:32 -0600, Manoj Srivastava wrote: Hi, ... - the author and other individuals quoted in messages being reviewed will be contacted, and allowed between four and eight weeks to comment; I think the default behaviour should be to keep the post private, not to open it up. That is, if the author and other individuals do not reply, the message is kept hidden. The primary reason for this is that the existing messages were sent to debian-private with an expectation of privacy. Folk that have changed address or become otherwise not-immediately available may still care, and the principle of least surprise should apply. We can however change the expectations for new messages being sent to debian-private, and in 3 years *they* would become public by default. Rob -- GPG key available at: http://www.robertcollins.net/keys.txt.
Re: Alternate proposal for Declassification of debian-private archives
On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote: I think the default behaviour should be to keep the post private, not to open it up. That is, if the author and other individuals do not reply, the message is kept hidden. The primary reason for this is that the existing messages were sent to debian-private with an expectation of privacy. Folk that have changed address or become otherwise not-immediately available may still care, and the principle of least surprise should apply. We can however change the expectations for new messages being sent to debian-private, and in 3 years *they* would become public by default. Seconded, on all points, for the same reasons. Dave
Re: Alternate proposal for Declassification of debian-private archives
On Thu, Dec 01, 2005 at 09:56:48PM +, Dave Holland wrote: On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote: I think the default behaviour should be to keep the post private, not to open it up. That is, if the author and other individuals do not reply, the message is kept hidden. The primary reason for this is that the existing messages were sent to debian-private with an expectation of privacy. Folk that have changed address or become otherwise not-immediately available may still care, and the principle of least surprise should apply. We can however change the expectations for new messages being sent to debian-private, and in 3 years *they* would become public by default. Seconded, on all points, for the same reasons. Thirded. sean
Re: Alternate proposal for Declassification of debian-private archives
On Thu, 2005-12-01 at 08:32 -0600, Manoj Srivastava wrote: a) The post contained sensitive material. In this case, if a reasonable case has been made for the material being sensitive, and one that the declassification teams accepted, then the material should be redacted from the post, and every post it has been quoted in. If it is sensitive in one post, it is sensitive in another. So it's not a declassification after all, it's just a process of getting the posts that shouldn't be on -private out of it. It's obvious to me that many posts on -private are there because they *are* sensitive material, and if we're not going to open that, then it's not declassification at all. This is a hard decision, I know, but that's why it is a GR. The question is if we do want to expose our internals! If we do, we should really do it, not just publish some selected things, it can't be called declassification if we select which materials are of our interest to be public. daniel P.S.: I know, the current proposal isn't exactly that way (I agreed to make it happen), but this alternate proposal is getting too far from the original idea.
Re: Alternate proposal for Declassification of debian-private archives
(Followups to -vote) On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote: The primary reason for this is that the existing messages were sent to debian-private with an expectation of privacy. As Matthew pointed out in [0] this expectation of privacy isn't really that strong, fundamentally because -private is open to anyone who joins Debian, and Debian's open to anyone joining it. [0] http://lists.debian.org/debian-vote/2005/11/msg00033.html Cheers, aj
Re: Alternate proposal for Declassification of debian-private archives
On Fri, 2005-12-02 at 12:35 +1000, Anthony Towns wrote: (Followups to -vote) On Fri, Dec 02, 2005 at 08:30:37AM +1100, Robert Collins wrote: The primary reason for this is that the existing messages were sent to debian-private with an expectation of privacy. As Matthew pointed out in [0] this expectation of privacy isn't really that strong, fundamentally because -private is open to anyone who joins Debian, and Debian's open to anyone joining it. [0] http://lists.debian.org/debian-vote/2005/11/msg00033.html Part of becoming a member is agreeing to uphold the policies of Debian - such as the privacy of closed lists. (I don't recall exactly where I read that, but I do recall reading it). Current population is what 6 Billion? Active members ~800 ? I think there is a freaking huge difference between 'anyone who shows the interest, effort, sanity and reliability needed to pass NM can read my posts' and 'Jack The Ripper in Outer Mongolia can read them.' Rob -- GPG key available at: http://www.robertcollins.net/keys.txt.