Re: GR: Declassifying debian-private: second call for votes

2016-10-20 Thread Bas Wijnen
Thanks Ian, for summarizing the options.  I have a slight disagreement with
your interpretation though.

On Mon, Oct 17, 2016 at 02:16:15PM +0100, Ian Jackson wrote:
> I support both Option 2 ("Acknowledge difficulty", my proposal) and
> Option 3 ("Remain private", Iain's proposal).  I firmly oppose
> Option 1 ("Repeal previous GR", Gunnar's).
> 
> I think Option 1 is quite bad.  I will rank option 1 below the FD (ie
> the status quo).  I recommend everyone else do so.

I don't.  While I agree with your criticism that option 1 isn't good, I believe
it is still better to repeal the 2005 GR than to keep it around.  Just
repealing the GR doesn't change anything in practice (and that would be
unfortunate), but it does clean up some junk, so IMO it's still better than FD.

Personally, I want -private to be a private channel.  That means I voted for
option 3.  Under this proposal, posts can still be made public if all
participants to the thread agree to it.  As I see it, something like tagging
each message with an embargo date is explicit agreement, so such a method would
still be possible when this option wins.

As for a rebuttal of option 2: people who post to -private expect their posts
to be private.  I want that to be true.  Option 2 allows the listmasters to
come up with a plan to declassify some posts without the authors explicitly
consenting to it.  I believe that to be dangerous for two reasons:

1. It makes the list less safe to post on.  I want us to have a channel where
   we don't need to worry about things being made public.  Adding rules like
   "if you didn't say the magic words, you're in danger" means we need to be
   more careful when posting, and that is bad, IMO.

2. I don't think the listmasters should take the burden.  Now that I think of
   it, it really seems like it keeps the 2005 GR, but instead of saying "anyone
   can do it", it says "the listmasters can do it".  They could have done it
   before and didn't, I have no reason to expect them to do it now.  If I were
   them, I would also not want this extra job, but I haven't heard them
   speaking out, so perhaps they do.

> When this GR is out of the way, I think some of those contributors who
> care a lot about improving our transparency will want to revisit this
> issue.

I think they will no matter what the outcome is.  They were asked to provide an
option for this ballot, but unfortunately no such option was proposed.

> I think all of these are quite reasonable points of view; and without
> a clear statement from the GR about where the majority of the
> projects' opinion lies, who is to say that these contributors are
> wrong ?

This GR would still give some information about that.  If option 1 wins, but FD
is not next (and especially if option 3 is above option 2), I believe it means
"we don't want to make formal statements about it, but this is how we feel".

> The main difference [between options 2 and 3] is that Option 3 would make it
> impossible to invent, or experiment with, new ways of handling -private in
> the future.

No, I disagree.  Ways that include explicit consent of all authors can be
implemented under those rules.  For publishing posts where explicit consent
cannot be obtained, a new GR would be required.  I believe that is reasonable.
Consent is normally easy to obtain.  If it's not (for example because the
person has died) and the thread is of great value, a GR does not sound like an
unreasonable requirement to me.

> That would be a shame.  There are some threads on -private which I think the
> participants would be quite happy to see declassified at an appropriate time
> (for example ones discussing security vulnerabilities).

If the participants all want to declassify a thread, they can under every
option on the ballot.

> Several people have suggested forms of subject-line tagging, for example,
> which might make that possible, while still allowing people to post messages
> which will never be disclosed.

Option 3 allows for this, as long as the tag is an opt-in for disclosure; it
does not allow implicit consent by not using a tag.

> If you feel that benefits of possible improvements to the transparency of
> -private are negligible, or that they are outweighed by the risk of madness
> on the part of listmaster, or even by the necessary discussions (arguments)
> about the shape of such a scheme, then you should rank 3 ahead of 2.

Just to add here: I have full confidence in the listmasters and believe they
would not abuse their powers that option 2 gives them.  But that doesn't mean I
think they need those powers.

I haven't heard anyone say they don't trust listmasters, so I'm not sure if
that is even true for one voter.  This doesn't seem to be something that needs
to be considered.

> I think people who are very keen on transparency should vote
> along with me,
>   2 > 3 > FD > 1

I think they should have proposed an amendment. ;)

But now that they didn't

Re: GR: Declassifying debian-private: second call for votes

2016-10-17 Thread Gunnar Wolf
Ian Jackson said [Mon, Oct 17, 2016 at 02:16:15PM +0100]:
> Charles Plessy writes ("Re: GR: Declassifying debian-private: second call for votes"):
> > out of context, it is hard to choose between the options that each of you are
> > presenting in this GR.
> > 
> > Could you briefly rebut each other's options ?  I think that it would help a
> > lot.

Hi Charles, and thanks for this question. I'm answering to Ian's
message, as I mostly agree with him, but there are several points
where we have different points of view.

First and foremost, let me be clear: I do *not* believe my option is
the best. But I stated my preference to have it *available on the
ballot* instead of replacing its text altogether, as happened in the
August GR.

I helped Nicolas draft the original text, and while it is ambiguous,
it has a strong virtue over the status quo: It saves us from lying, it
cleans our face by saying "we would love to, but we failed".

> I support both Option 2 ("Acknowledge difficulty", my proposal) and
> Option 3 ("Remain private", Iain's proposal).  I firmly oppose
> Option 1 ("Repeal previous GR", Gunnar's).
> 
> I think Option 1 is quite bad.  I will rank option 1 below the FD (ie
> the status quo).  I recommend everyone else do so.

I voted 312-, that means, I prefer Ian's option, then Iain's, then
mine, then FD. I really hope this will be aligned with the rest of the
project — but I strongly prefer the gray area where declassification
is not-strictly-but-kindof-authorized-or-maybe-not to the listmasters
to staying firm by a promise we don't intend on keeping.

I do not think that the existence of d-private breaks our SC's promise
not to hide our problems, and as many others have stated, I recognize
there will always be the possibility of private communication between
groups of individuals. So, repealing the 2005 GR basically
acknowledges that there might be a group of individuals, a strict subset
of the DDs, that have a common place to talk to each other (while they
try to refrain from doing so whenever possible).

> I doubt that listmaster will be pleased to enter this fray.  Our
> listmasters are sensible people who will not want to act in such a
> controversial area, when their authority is doubtful. 

Let me embrace this half-paragraph. When coming to a vote decision, I
*hope* we can all remember the good work done by our listmasters, and
stop pretending they will breach the project's trust and confidence,
even if they were able to.

>  So this question will drag on with occasional rumblings, perhaps
> for years.  The dispute might finally be ended only by a second GR.

Second? Fourth, rather.

> Please vote Option 1 below Further Discussion, or at least below
> both Option 2 and Option 3.

That's our main disagreement. I see value in "just" repealing the 2005
GR. I think the reason the August GR failed is because it replaced a
"decently good" text with a "better but worse" one — By listing
declassification actions, some people felt threatened by the wording
of the proposed status-quo, or felt it could threaten privacy in the
future given a set of conditions. Not having an
imperfect-but-better-than-FD option such as the original proposal,
slightly over a majority of DDs voted against the GR. I honestly hope
options 2 or 3 win, but would be content if the one I proposed does.

> If you feel that benefits of possible improvements to the transparency
> of -private are negligible, or that they are outweighed by the risk of
> madness on the part of listmaster, or even by the necessary
> discussions (arguments) about the shape of such a scheme, then you
> should rank 3 ahead of 2.
> 
> For you, then, Option 1 is very bad.  If you don't have confidence in
> our current and future listmasters, not to do something bad, then
> leaving listmaster with a wide but disputed authority is precisely the
> risk you would want to avoid.

Right. As I do trust the people in the project, and I trust
listmasters not to snap and start publishing d-private "just because",
I don't see this risk as particularly compelling.

Greetings,




Re: GR: Declassifying debian-private: second call for votes

2016-10-17 Thread Ian Jackson
Charles Plessy writes ("Re: GR: Declassifying debian-private: second call for votes"):
> out of context, it is hard to choose between the options that each of you are
> presenting in this GR.
> 
> Could you briefly rebut each other's options ?  I think that it would help a
> lot.

Of course.

I support both Option 2 ("Acknowledge difficulty", my proposal) and
Option 3 ("Remain private", Iain's proposal).  I firmly oppose
Option 1 ("Repeal previous GR", Gunnar's).

I think Option 1 is quite bad.  I will rank option 1 below the FD (ie
the status quo).  I recommend everyone else do so.


So, firstly, the big problem with Option 1:

If Option 1 wins, no-one can be sure what that collective decision
actually means.  Some people have said that they think that without
the 2005 GR, decisions about list management simply revert to
listmaster.  Other people have said that after a repeal of the 2005
GR, listmaster have no authority to invent a new declassification
process.

I think this would be worse than the current situation.

There have been a few concrete proposals (to -project and elsewhere),
for ways to improve things.  There have been some vigorous defences of
transparency (and vigorous criticisms of the status quo).  There have
been proposals (for example) to publish historical traffic data (which
is currently secret).

When this GR is out of the way, I think some of those contributors who
care a lot about improving our transparency will want to revisit this
issue.  They will say that in the absence of the specific directions
from the 2005 GR, listmaster has the power to regulate debian-private
(subject to the usual principles of consultation, in the
Constitution).  They will argue that the Social Contract requires
listmaster to do so.

I think all of these are quite reasonable points of view; and without
a clear statement from the GR about where the majority of the
projects' opinion lies, who is to say that these contributors are
wrong ?

I doubt that listmaster will be pleased to enter this fray.  Our
listmasters are sensible people who will not want to act in such a
controversial area, when their authority is doubtful.  So this
question will drag on with occasional rumblings, perhaps for years.
The dispute might finally be ended only by a second GR.

This will be stressful and threatening for those who value privacy;
particularly, it will be stressful for those who are concerned about
messages they have already posted, in the expectation that  the GR; it will be 
frustrating and
unproductive for those who want more transparency; it will put an
unreasonable burden on listmaster; and it will risk wasting our
emotional energy on disputes about procedure and authority.

Please vote Option 1 below Further Discussion, or at least below
both Option 2 and Option 3.


Then, on to the choice between Option 2 and Option 3:

Both Options 2 and 3 explicitly honour the privacy expectations
established by the 2005 GR.  Both Options 2 and 3 retract the broken
promise of declassification.

Both Options 2 and 3 prohibit the unwanted declassification of
messages: that is, people are not, in general, at risk of their
messages being published against their expressly stated wishes.

The main difference is that Option 3 would make it impossible to
invent, or experiment with, new ways of handling -private in the
future.

That would be a shame.  There are some threads on -private which I
think the participants would be quite happy to see declassified at an
appropriate time (for example ones discussing security
vulnerabilities).  Several people have suggested forms of subject-line
tagging, for example, which might make that possible, while still
allowing people to post messages which will never be disclosed.

I don't know whether any such schemes are feasible, or would command
consensus support, or would be used in practice if they were
implemented.  But I would like it to be possible to consider them, try
out any that find favour, and either keep and improve them, or retire
them.

If Option 3 wins, such ideas are almost entirely blocked.  They would
require a new GR.  Developing a scheme in the context of a GR
Discussion is a bad idea.  Even if the scheme could be developed
separately and ratified by a GR, it would then be set in stone.


There is another more minor difference.  Option 2 leaves open the
possibility that something like the 2005 GR process could be used to
declassify particular messages or threads of historical interest, if
someone has the effort to do so.


So I will be voting:

  2 > 3 > FD > 1

Ie, ranking the options in this order

  Option 2 "Acknowledge difficulty"
  Option 3 "Remain private"
  Further Discussion (aka Status Quo)
  Option 1 "Repeal previous GR"


I think there is a legitimate possible justification for a vote of
  3 > 2 > FD > 1

If you feel that benefits of poss

Re: GR: Declassifying debian-private: second call for votes

2016-10-16 Thread Charles Plessy
On Sun, Oct 16, 2016 at 01:10:02AM +0200, Debian Project Secretary - Kurt Roeckx wrote:
> 
> This is the second call for votes.
> 
>  Voting period starts  2016-10-09 00:00:00 UTC
>  Votes must be received by 2016-10-22 23:59:59 UTC
> 
> The following ballot is for voting on declassifying debian-private.
 
> Choice 1: Repeal previous GR
> Choice 2: Acknowledge difficulty
> Choice 3: Remain private

Hi Gunnar, Ian and Iain,

out of context, it is hard to choose between the options that each of you are
presenting in this GR.

Could you briefly rebut each other's options ?  I think that it would help a 
lot.

Have a nice day,

-- 
Charles