Re: Trying to reach consensus - Yet Another Alternate Proposal to Declassification of debian-private

[Lionel Elie Mamane]

On Thu, Dec 08, 2005 at 01:39:15AM +0100, Wouter Verhelst wrote:
> On Wed, Dec 07, 2005 at 02:47:07PM -0300, Daniel Ruoso wrote:

>> I'll try to move forward in the direction of a more consensual proposal
>> about the declassification. 

>> So, my conclusion is that it would be nice to have two types of
>> publications:

>> 1) Selected Readers
>> 2) Selected Content

>> The first type of publication could embrace the entire content of
>> debian-private, but restrictions will be applied for those who want
>> to read, basically, the need of identification of the reader and
>> the agreement to a NDA on the same terms applied to every debian
>> developer about the privacy of the mailing list.

Well, if we let anybody read it, it has absolutely no point asking for
an NDA. Your proposal says that anybody can get read it, if he signs
an NDA. This procedure could be a useful tool if we restricted it to,
say, people like Biella Coleman that have a "real use", sanctioned by
Debian and all, out of the_whole_ archive. (This should not keep us
from opening up nearly everything else.)

>> I hope this is closer to a consensus...

> Afraid not. This proposal basically creates a second class of people
> -- those who we want to sign NDA's to be able to read stuff.

> That's even further away from 'openness and transparency' than the
> status quo. The idea that developers sometimes have private things
> to say is at least defendable; the idea that Debian is joining the
> NDA crap is not, IMNSHO.

NDA's have a bad reputation in our community; sometimes they make
sense. They are just a formal version of "yes, I understand the
information I get is confidential; I will treat it as such". I think
it makes sense for very selected readers that have a good use of the
whole archive. It is indeed a bit silly if anyone can just sign it and
get access.

-- 
Lionel


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Trying to reach consensus - Yet Another Alternate Proposal to Declassification of debian-private

[Robert Collins]

On Thu, 2005-12-08 at 00:08 +0100, Gaudenz Steinlin wrote:
> On Wed, Dec 07, 2005 at 02:47:07PM -0300, Daniel Ruoso wrote:
> > So, my conclusion is that it would be nice to have two types of
> > publications:
> > 
> > 1) Selected Readers
> > 2) Selected Content
> > 
> > The first type of publication could embrace the entire content of
> > debian-private, but restrictions will be applied for those who want to
> > read, basically, the need of identification of the reader and the
> > agreement to a NDA on the same terms applied to every debian developer
> > about the privacy of the mailing list.
> > 
> 
> One of the main goals of the original GR was to make the archives
> available for research. How will you be able to publish the results 
> of such research if you agreed to an NDA. One of the main principles
> of scientific research is to make your results reproducible by others.  
> This is impossible if you base your research on data which is only
> available under an NDA.

Its quite possible to publish research conducted under an NDA without
compromising that NDA: but one is constrained in the quotes and
disclosure you can make.

As for being reproducible by others, the suggested process for getting
access seems to be so trivial any researcher with access to the internet
will be able to complete it fairly easily. It also is not under onerous
terms (such as MS's kerberos extensions were) so entering into the NDA
should not limit or pose an unreasonable burden on anyone.

Rob

-- 
GPG key available at: .


signature.asc
Description: This is a digitally signed message part

Re: Trying to reach consensus - Yet Another Alternate Proposal to Declassification of debian-private

[Wouter Verhelst]

On Wed, Dec 07, 2005 at 02:47:07PM -0300, Daniel Ruoso wrote:
> Hi,
> 
> I'll try to move forward in the direction of a more consensual proposal
> about the declassification. 
> 
> In this discussion, two points were made clear to me:
> 
> 1) It would be really nice to have the d-p archives available to those
> who want to understand better how debian works, and from this
> perspective, the selection of which content will be made available is
> not a desirable thing.
> 
> 2) On the other hand, some sensitive material should not be indexed by
> google, nor be available without any criteria. This is certainly the
> point that is raising most of the disagreement.
> 
> So, my conclusion is that it would be nice to have two types of
> publications:
> 
> 1) Selected Readers
> 2) Selected Content
> 
> The first type of publication could embrace the entire content of
> debian-private, but restrictions will be applied for those who want to
> read, basically, the need of identification of the reader and the
> agreement to a NDA on the same terms applied to every debian developer
> about the privacy of the mailing list.
> 
> The second type would be open to the public in general, and then could
> be strictly opt-in, since this would be indexable by google, and it's
> desirable that the authors have a choice on that.
> 
> This way, I'd like to formalize a new Proposal.
> 
> --
> 
> In accordance with principles of openness and transparency, Debian
> will seek to declassify and publish posts of historical or ongoing
> significance made to the Debian Private Mailing List.
[...]
> I hope this is closer to a consensus...

Afraid not. This proposal basically creates a second class of people --
those who we want to sign NDA's to be able to read stuff.

That's even further away from 'openness and transparency' than the
status quo. The idea that developers sometimes have private things
to say is at least defendable; the idea that Debian is joining the NDA
crap is not, IMNSHO.

-- 
.../ -/ ---/ .--./ / .--/ .-/ .../ -/ ../ -./ --./ / -.--/ ---/ ..-/ .-./ / -/
../ --/ ./ / .--/ ../ -/ / / -../ ./ -.-./ ---/ -../ ../ -./ --./ / --/
-.--/ / .../ ../ --./ -./ .-/ -/ ..-/ .-./ ./ .-.-.-/ / --/ ---/ .-./ .../ ./ /
../ .../ / ---/ ..-/ -/ -../ .-/ -/ ./ -../ / -/ ./ -.-./ / -./ ---/ .-../
---/ --./ -.--/ / .-/ -./ -.--/ .--/ .-/ -.--/ .-.-.-/ / ...-.-/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Trying to reach consensus - Yet Another Alternate Proposal to Declassification of debian-private

[Gaudenz Steinlin]

On Wed, Dec 07, 2005 at 02:47:07PM -0300, Daniel Ruoso wrote:
> So, my conclusion is that it would be nice to have two types of
> publications:
> 
> 1) Selected Readers
> 2) Selected Content
> 
> The first type of publication could embrace the entire content of
> debian-private, but restrictions will be applied for those who want to
> read, basically, the need of identification of the reader and the
> agreement to a NDA on the same terms applied to every debian developer
> about the privacy of the mailing list.
> 

One of the main goals of the original GR was to make the archives
available for research. How will you be able to publish the results 
of such research if you agreed to an NDA. One of the main principles
of scientific research is to make your results reproducible by others.  
This is impossible if you base your research on data which is only
available under an NDA.

Gaudenz

-- 
Ever tried. Ever failed. No matter.
Try again. Fail again. Fail better.
~ Samuel Beckett ~


pgpdU7TLtSP67.pgp
Description: PGP signature

Re: Trying to reach consensus - Yet Another Alternate Proposal to Declassification of debian-private

[mjr]

Daniel Ruoso:
> I'll try to move forward in the direction of a more consensual proposal
> about the declassification.=20
> 
> In this discussion, two points were made clear to me:

You do not mention the copyright and ethical problems,
but the proposal seems to address them, near enough.
Is the OP willing to accept it, or need we gather seconds?

Thanks,
-- 
MJR/slef
My Opinion Only: see http://people.debian.org/~mjr/
Please follow http://www.uk.debian.org/MailingLists/#codeofconduct


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Trying to reach consensus - Yet Another Alternate Proposal to Declassification of debian-private

[Daniel Ruoso]

Hi,

I'll try to move forward in the direction of a more consensual proposal
about the declassification. 

In this discussion, two points were made clear to me:

1) It would be really nice to have the d-p archives available to those
who want to understand better how debian works, and from this
perspective, the selection of which content will be made available is
not a desirable thing.

2) On the other hand, some sensitive material should not be indexed by
google, nor be available without any criteria. This is certainly the
point that is raising most of the disagreement.

So, my conclusion is that it would be nice to have two types of
publications:

1) Selected Readers
2) Selected Content

The first type of publication could embrace the entire content of
debian-private, but restrictions will be applied for those who want to
read, basically, the need of identification of the reader and the
agreement to a NDA on the same terms applied to every debian developer
about the privacy of the mailing list.

The second type would be open to the public in general, and then could
be strictly opt-in, since this would be indexable by google, and it's
desirable that the authors have a choice on that.

This way, I'd like to formalize a new Proposal.

--

In accordance with principles of openness and transparency, Debian
will seek to declassify and publish posts of historical or ongoing
significance made to the Debian Private Mailing List.

This publication will be made in two different ways, both managed by a
declassification team assigned by the Debian Project Leader:

1) 3 or more years old posts will be made available on a public site,
but the access to this content will be regulated by the following
constraints:
  * The declassification team will ellaborate a NDA in the same terms
of the policy applied to every Debian Developer concerning the 
privacy of the mailing list.
  * The prospective reader will have to identify himself to the  
declassification team, and will need to have a GPG key signed 
by a Debian Developer.
  * The prospective reader will have to send a GPG signed email in
which he will agree to the NDA.
  * The declassification team will send username, password and the url 
in a GPG sined and cyphered email to the prospective reader.
  * The access logs of this content will be kept.
2) 3 or more years old posts will be made available on a public site
with public anonymous access according to the following constraints:
  * The declassification team will request approval for publication of
the posts to its authors, which can request:
a) to keep the entire post private,
b) to remove his identification from the post,
c) to remove certain parts of the post,
d) to publish the post as it is.
  * If an author requests that some post or some parts of it needs to 
be kept private, the references to it will be removed from other 
posts.
  * If the author doesn't reply to the request for publication, the 
entire post will be kept private.
  * If the post already contains a "you're allowed to quote me outside
debian-private"-like statement, the declassification team will not 
need to contact the author, and the post will be published.

---

I hope this is closer to a consensus...

daniel


signature.asc
Description: Esta é uma parte de mensagem	assinada digitalmente