Debian declassification delayed
In 2005, the Debian project voted to declassify messages on the debian-private mailing list after a period of three years. That is easier said than done, apparently. The General Resolution (GR) calls for volunteers to do the work of declassification, and few Debian Developers seem eager to do the work required to make it happen.
The debian-private list is, as the name suggests, a non-public list that is used by Debian Developers to discuss issues without the prying eyes of users, press, or anyone else outside the Debian project. The list and archive is only available to Debian Developers, and anything sent to debian-private is not to be spread to other lists.
Former Debian Project Leader (DPL) Steve McIntyre says that the traffic on debian-private "varies quite a lot, from a couple of dozen messages in some months to hundreds in others", depending on whether there's a large and sensitive discussion. But most of the traffic is mundane, according to McIntyre:
Most of the traffic is quite boring these days: vacation messages as you've heard about, plus related discussions. We do have occasional sensitive discussions where, for a variety of reasons, people would rather not have them in public: discussions about relationships with upstream developers, people joining or leaving the project, etc. Normally nothing too juicy, I'm afraid, but it's often kept private to avoid offence as much as anything else.
Plus, as you'll see on a lot of geek mailing lists and newsgroups, there's quite a tendency to wander totally off-topic or into humour. And then a similar amount of stuff from people asking "why is this on -private?" Quite boring, really...
The GR to declassify was put forward by Anthony Towns prior to his stint as DPL, with an amendment proposed by Daniel Ruoso. Towns' GR called for a volunteer team to declassify messages on the debian-private mailing list three years after posting, with a set of exceptions. The volunteers are required to contact authors and give four to eight weeks to object to messages being made public. Posts with any financial information about outside organizations would not be published, and the posts are to be available to all Debian Developers two weeks prior to publication. The developer body can overrule publication by another General Resolution, even if the author consents.
Towns reasoned that debian-private went against the Debian Social Contract. According to Towns, the list has hosted important discussions in the evolution of Debian. The discussions should be open for examination at some point for academics and other projects to see how Debian has dealt with those issues.
Ruoso's amendment, which was approved, applied the GR only to messages sent after the GR passed. Thus, no messages prior to the end of 2005 are eligible for declassification.
In theory, the process of declassifying messages from 2006 onwards should be well underway. In practice, the GR seems to be an unfunded mandate. Volunteers to do the work seem to be in short supply. McIntyre asked for volunteers in January 2009, but little interest was shown. In May, current DPL Stefano Zacchiroli posted a request for volunteers for the declassification team to debian-project.
Since volunteer bodies seemed in short supply, Martin Krafft offered a simpler method. Krafft suggested that "archive chunks" be made available at monthly periods, with two months for authors to delete posts they don't wish disclosed. This was rejected as it does not fit with the original GR, and because some participants on debian-private in 2006 may no longer be Debian Developers — thus lacking access to delete messages.
The amount of work required may scare off the few developers actually interested in taking on the task. Don Armstrong replied to Zacchiroli's call for volunteers by saying he'd considered taking on the task and gave up:
I had actually glanced at working on this earlier, but stopped after a small bit of time, because it wasn't particularly useful, and because the sheer amount of work that it would require to satisfy the terms of the GR. (And frankly, the majority of the conversations in the archive either aren't interesting enough to bother publishing, or are on topics that such a large number of people will want their messages redacted, that it's kind of useless.)
Giacomo A. Catenazzi suggests, in a recent posting, that much of the discussion on debian-private is private because "we don't want to show all world about our vacation dates and destinations, about health and children, about personal issues we have with other people (in and outside Debian), etc." Russ Allbery echoed Armstrong, saying that many developers seem unwilling to declassify anything of interest:
The GR was an interesting idea, but based on the number of debian-private participants who, for anything that would be of any interest whatsoever after three years, have said they don't want their messages ever disclosed, I think in practice participants have spoken and have basically vetoed any sort of effective disclosure.
As it stands, it looks like the declassification GR will result in few or no messages being made public. The only action thus far is a status page reiterating the call for Debian Developers to take up the task. Zacchiroli posted an update on June 25 saying that some volunteers had been located, but "no one with actually enough free time to start doing the declassification right now."
This may be no great loss. The final GR, with the amendment constraining declassification to messages sent after January 1, 2006, means that messages showing the early evolution of Debian would not be made public. The provision that developers can veto release of messages after that date ensures that little of a controversial nature would be released, leaving little worth reading. As Andreas Tille suggests, it may be a better use of developers' time to fix RC bugs than spend time slogging through old debian-private discussions to prove just how open Debian is as a project.
One might also wonder why the project does not simply abolish debian-private altogether, in the spirit of openness. However, that would likely move sensitive discussions off of a project list altogether. It may be that the best option is discussion on a list open to all Debian Developers, but closed to the larger public, rather than discussions held out of view of the majority of the project.
| Index entries for this article | |
|---|---|
| GuestArticles | Brockmeier, Joe |
Posted Jul 6, 2010 15:19 UTC (Tue)
by tialaramex (subscriber, #21167)
[Link] (14 responses)
Given the sheer number of Debian Developers this "private" mailing list could only ever have been as private as a school assembly or a town meeting. What "private" matters could you possibly discuss with this audience that were not covered by Debian's social obligation to be open with the rest of the world?
Posted Jul 6, 2010 22:27 UTC (Tue)
by rahvin (guest, #16953)
[Link] (13 responses)
I think they should simply find the relevant stuff and release it, we don't need 30 threads of jokes that devolved from a vacation announcement.
Posted Jul 7, 2010 2:57 UTC (Wed)
by drag (guest, #31333)
[Link]
Just release things that may be interesting in to third parties and if a member of the private list has some threads they would like public then let them. If some researcher would like access then let them.
Full disclosure is uninteresting, unless it's security related.
Posted Jul 7, 2010 10:16 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link] (11 responses)
The general public, on the other hand? Permanently a "serious no-no" according to those same thousand people.
I think the reality is that the most embarrassing thing revealed by opening up debian-private would be what types of thing are inappropriately discussed by a thousand people who think no-one's looking. The established policy seems to have been intended to stop this, but it's clear that it didn't have that effect. Worth trying again, I think.
Posted Jul 7, 2010 22:49 UTC (Wed)
by joey (guest, #328)
[Link] (6 responses)
Posted Jul 8, 2010 10:47 UTC (Thu)
by nye (subscriber, #51576)
[Link] (5 responses)
Posted Jul 8, 2010 15:35 UTC (Thu)
by salimma (subscriber, #34460)
[Link] (4 responses)
Posted Jul 8, 2010 16:02 UTC (Thu)
by nye (subscriber, #51576)
[Link]
Posted Jul 13, 2010 12:02 UTC (Tue)
by tialaramex (subscriber, #21167)
[Link] (2 responses)
We see this illustrated in the topic article and reinforced here.
Outsider: You have a secret members only list we don't get to see
DD: No, we made a rule which declassifies things
Outsider: Some of your members use pseudonyms.
DD: No, we made a rule saying they mustn't
And anyway the rule says no such thing, what salimma has written isn't the rule, and the most generous interpretation would be that they've "simplified" it for us and it just happened that this simplification removed all the loopholes in the actual rule. Becoming a pseudonymous Debian Developer is a bit trickier than getting pseudonymous contributions into Linux, but it's far from "simply not possible".
Posted Jul 13, 2010 19:36 UTC (Tue)
by jrn (subscriber, #64214)
[Link] (1 responses)
I'm not sure why anyone should care, but it is still a requirement modulo one exception (an enforced one, if you want to nitpick) for contributors to have their gpg key signed by an existing DD before becoming a new DD themselves. It is a convention, not enforced but certainly not in name only, that DDs follow the usual looking-at-photo-id procedure when signing gpg keys. As an aside, I find your tone puzzling.
Posted Jul 16, 2010 9:41 UTC (Fri)
by tialaramex (subscriber, #21167)
[Link]
The requirement (the one other Debian Developers can see being enforced) is just that each member has an OpenPGP key with at least one identity signed by another Debian Developer.
Perhaps if Debian was created today, it would be required that the signed identity be a photographic image of the face (the necessary PGP features did not exist when Debian was created). A poor identifier, but one that's fairly verifiable. In reality, as I understand it, the main identifier for Debian Developers is an email address, since that's how most discussion is undertaken. Usually the address is associated with a name, and someone might ("by convention") check that the name vaguely matches one shown on some official looking photo ID (e.g. they'd sign "Bill Thomson" based on photo ID in the name "William Thompson"). That's just not a high enough barrier to use words like "impossible".
Fake identity documents are commonplace, particularly in jurisdictions where they are abused as licenses (e.g. to permit purchasing alcoholic beverages, tobacco, pharmaceuticals or firearms). Debian isn't an organisation of highly trained forensic experts, but of Free Software hackers. So we cannot expect miracles of detective work.
As to my tone, as usual there's no hidden agenda here, I'd scoff just as much if someone told me Microsoft's Windows division could keep secrets for five years. Only small groups, on whom secrecy of a particular matter is impressed as utterly critical, can be expected to keep secrets for more than a short while. Ultra is an example often cited - few people had routine access to Ultra, though more knew of its existence at least tangentially. Ultra was kept secret for the remaining duration of the war and perhaps 10 years or so beyond, but by the 1970s people were writing about it in memoirs of the war. Those told about Ultra were mostly military personnel, and it was clear lives were at stake. I'm not pretending the DDs are all gossips, straight over to a neighbour to tell them the latest, but only that it would be quite extraordinary to think of a secret that mustn't be public in five years time, but can be told to 1000 of these essentially random people from around the world.
(and moreover, told to them via unsecured SMTP email...)
Posted Jul 13, 2010 13:19 UTC (Tue)
by dark (guest, #8483)
[Link] (3 responses)
Another thing to consider is that those mails were sent unencrypted. The expectation of confidentiality can't be all that high.
Posted Jul 13, 2010 13:58 UTC (Tue)
by rahulsundaram (subscriber, #21946)
[Link] (2 responses)
Posted Jul 13, 2010 14:47 UTC (Tue)
by nye (subscriber, #51576)
[Link] (1 responses)
It baffles me why anyone would send unencrypted e-mail with even the slightest expectation of confidentiality. We've been saying for *years* that you shouldn't put anything in unencrypted e-mail that you wouldn't be happy putting on a postcard.
Posted Jul 13, 2010 15:23 UTC (Tue)
by foom (subscriber, #14868)
[Link]
Lots of mailservers do opportunistic encryption of the SMTP channel these days, too, so you can't eavesdrop as a passive attacker anymore.
Now you have to ~intercept the envelope, open it, read it, put the mail in a new envelope, and send it on to the destination~.
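The distinction foom draws, that opportunistic SMTP encryption defeats a passive listener but not a relay that sits in the path and rewrites the session, comes down to one client-side decision: what to do when the peer's EHLO reply does not advertise STARTTLS. The following is an added illustration, not code from the thread, from Debian or from any mail server; it simulates only the decision logic (no sockets, no real TLS), using constructed EHLO replies, and the policy names `none`/`may`/`encrypt` are modelled on the values Postfix uses for its `smtp_tls_security_level` setting.

```python
"""Added example: how an opportunistic-TLS SMTP client decides whether a
session is protected, and why that only stops passive eavesdropping.
Not from the LWN thread or any mail server's code; EHLO replies below are
constructed for the example, not real server output."""

from dataclasses import dataclass

# Constructed EHLO reply from a server that advertises STARTTLS.
EHLO_WITH_STARTTLS = (
    "250-mail.example.net Hello client\r\n"
    "250-SIZE 52428800\r\n"
    "250-STARTTLS\r\n"
    "250 8BITMIME\r\n"
)

# The same reply as an in-path relay that strips the STARTTLS keyword would
# present it; to a client this is indistinguishable from a server that
# simply does not support TLS.
EHLO_STRIPPED = (
    "250-mail.example.net Hello client\r\n"
    "250-SIZE 52428800\r\n"
    "250 8BITMIME\r\n"
)


def parse_ehlo(reply: str) -> set[str]:
    """Return the uppercase extension keywords from a multi-line EHLO reply.

    Each line is "250-KEYWORD ..." or, for the last one, "250 KEYWORD ...".
    The first line carries the server's hostname, not a keyword, so skip it.
    """
    caps: set[str] = set()
    for line in reply.splitlines()[1:]:
        if not line.startswith("250"):
            continue
        body = line[4:].strip()  # drop the "250-" / "250 " prefix
        if body:
            caps.add(body.split()[0].upper())
    return caps


@dataclass
class Decision:
    encrypted: bool   # would the message travel over TLS?
    deliver: bool     # does the client proceed at all?
    reason: str


def negotiate(reply: str, policy: str) -> Decision:
    """Apply a TLS policy to the peer's EHLO reply.

    policy: 'none'    never use TLS,
            'may'     opportunistic: use TLS if offered, else plaintext,
            'encrypt' required: refuse to send in the clear.
    """
    offers_tls = "STARTTLS" in parse_ehlo(reply)
    if policy == "none":
        return Decision(False, True, "TLS disabled by policy; sending in the clear")
    if offers_tls:
        return Decision(True, True, "STARTTLS negotiated")
    if policy == "may":
        # This is the gap foom describes: a stripped STARTTLS looks like
        # "no TLS support", and opportunistic clients silently fall back.
        return Decision(False, True, "peer offered no STARTTLS; falling back to plaintext")
    if policy == "encrypt":
        return Decision(False, False, "peer offered no STARTTLS and policy requires it; deferring")
    raise ValueError(f"unknown policy {policy!r}")


if __name__ == "__main__":
    for reply_name, reply in (("advertised", EHLO_WITH_STARTTLS), ("stripped", EHLO_STRIPPED)):
        for policy in ("none", "may", "encrypt"):
            d = negotiate(reply, policy)
            print(f"{reply_name:10s} {policy:8s} encrypted={d.encrypted!s:5s} deliver={d.deliver!s:5s} {d.reason}")
```

With the `may` policy the stripped reply still gets the message delivered, just unencrypted, which is exactly the "open the envelope and re-send it" scenario; only the `encrypt` policy (or a mechanism that pins the expectation of TLS for a given destination) turns the downgrade into a visible failure instead of silent plaintext.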
Posted Jul 6, 2010 20:52 UTC (Tue)
by ikm (guest, #493)
[Link] (1 responses)
Posted Jul 7, 2010 5:28 UTC (Wed)
by shmget (guest, #58347)
[Link]
Posted Jul 19, 2010 20:57 UTC (Mon)
by VelvetElvis (guest, #69142)
[Link]