LWN: Comments on "Debian declassification delayed" https://lwn.net/Articles/394660/ This is a special feed containing comments posted to the individual LWN article titled "Debian declassification delayed". en-us Mon, 13 Oct 2025 09:28:00 +0000 Mon, 13 Oct 2025 09:28:00 +0000 https://www.rssboard.org/rss-specification lwn@lwn.net Debian declassification delayed https://lwn.net/Articles/396562/ https://lwn.net/Articles/396562/ VelvetElvis <div class="FormattedComment"> Being someone who might find himself someday writing a paper on something as geeky as the history of The Debian Project, I just worry that there might be data in that that's of actual relevancy to historians of technology.<br> </div> Mon, 19 Jul 2010 20:57:36 +0000 Verification of Debian Developer identity https://lwn.net/Articles/396264/ https://lwn.net/Articles/396264/ tialaramex <div class="FormattedComment"> That requirement makes it impossible to be an _anonymous_ Debian Developer, but not to be a _pseudonymous_ one which is why I chose the wording I did.<br> <p> The requirement (the one other Debian Developers can see being enforced) is just that each member has an OpenPGP key with at least one identity signed by another Debian Developer.<br> <p> Perhaps if Debian was created today, it would be required that the signed identity be a photographic image of the face (the necessary PGP features did not exist when Debian was created). A poor identifier, but one that's fairly verifiable. In reality, as I understand it, the main identifier for Debian Developers is an email address, since that's how most discussion is undertaken. Usually the address is associated with a name, and someone might ("by convention") check that the name vaguely matches one shown on some official looking photo ID (e.g. they'd sign "Bill Thomson" based on photo ID in the name "William Thompson"). 
That's just not a high enough barrier to use words like "impossible".<br> <p> Fake identity documents are commonplace, particularly in jurisdictions where they are abused as licenses (e.g. to permit purchasing alcoholic beverages, tobacco, pharmaceuticals or firearms). Debian isn't an organisation of highly trained forensic experts, but of Free Software hackers. So we cannot expect miracles of detective work.<br> <p> As to my tone, as usual there's no hidden agenda here, I'd scoff just as much if someone told me Microsoft's Windows division could keep secrets for five years. Only small groups, on whom secrecy of a particular matter is impressed as utterly critical, can be expected to keep secrets for more than a short while. Ultra is an example often cited - few people had routine access to Ultra, though more knew of its existence at least tangentially. Ultra was kept secret for the remaining duration of the war and perhaps 10 years or so beyond, but by the 1970s people were writing about it in memoirs of the war. Those told about Ultra were mostly military personnel, and it was clear lives were at stake. I'm not pretending the DDs are all gossips, straight over to a neighbour to tell them the latest, but only that it would be quite extraordinary to think of a secret that mustn't be public in five years' time, but can be told to 1000 of these essentially random people from around the world.<br> <p> (and moreover, told to them via unsecured SMTP email...)<br> </div> Fri, 16 Jul 2010 09:41:40 +0000 Verification of Debian Developer identity https://lwn.net/Articles/395891/ https://lwn.net/Articles/395891/ jrn <p>I’m not sure why anyone should care, but it is still a <a href="http://www.debian.org/devel/join/nm-step1">requirement modulo one exception</a> (an enforced one, if you want to nitpick) for contributors to have their gpg key signed by an existing DD before becoming a new DD themselves. 
It is a convention, not enforced but certainly not in name only, that DDs follow the usual looking-at-photo-id procedure when signing gpg keys.</p> <p>As an aside, I find your tone puzzling.</p> Tue, 13 Jul 2010 19:36:32 +0000 Debian declassification delayed https://lwn.net/Articles/395862/ https://lwn.net/Articles/395862/ foom <div class="FormattedComment"> It's really more like mail in an envelope -- it's illegal to intercept, and generally private, but is pretty easy to get at in transit if you put your mind to it.<br> <p> Lots of mailservers do opportunistic encryption of the SMTP channel these days, too, so you can't eavesdrop as a passive attacker anymore.<br> <p> Now you have to ~intercept the envelope, open it, read it, put the mail in a new envelope, and send it on to the destination~.<br> </div> Tue, 13 Jul 2010 15:23:10 +0000 Debian declassification delayed https://lwn.net/Articles/395859/ https://lwn.net/Articles/395859/ nye <div class="FormattedComment"> <font class="QuotedText">&gt;it does have a high expectation of confidentiality regardless of whether it is encrypted or not.</font><br> <p> It baffles me why anyone would send unencrypted e-mail with even the slightest expectation of confidentiality. We've been saying for *years* that you shouldn't put anything in unencrypted e-mail that you wouldn't be happy putting on a postcard.<br> </div> Tue, 13 Jul 2010 14:47:42 +0000 Debian declassification delayed https://lwn.net/Articles/395855/ https://lwn.net/Articles/395855/ rahulsundaram <div class="FormattedComment"> If it is a mailing list with private archives and is documented clearly to be a private members only mailing list, it does have a high expectation of confidentiality regardless of whether it is encrypted or not. <br> </div> Tue, 13 Jul 2010 13:58:29 +0000 Debian declassification delayed https://lwn.net/Articles/395852/ https://lwn.net/Articles/395852/ dark Another thing to consider is that those mails were sent unencrypted. 
The expectation of confidentiality can't be all that high. Tue, 13 Jul 2010 13:19:46 +0000 Debian declassification delayed https://lwn.net/Articles/395846/ https://lwn.net/Articles/395846/ tialaramex <div class="FormattedComment"> One of the amusing, but also rather sad things about Debian developers is that they tend to have trouble with the difference between laws of men and laws of nature. So they write something down, and then they imagine that this has made it so.<br> <p> We see this illustrated in the topic article and reinforced here.<br> <p> Outsider: You have a secret members only list we don't get to see<br> DD: No, we made a rule which declassifies things<br> <p> Outsider: Some of your members use pseudonyms.<br> DD: No, we made a rule saying they mustn't<br> <p> And anyway the rule says no such thing, what salimma has written isn't the rule, and the most generous interpretation would be that they've "simplified" it for us and it just happened that this simplification removed all the loopholes in the actual rule. Becoming a pseudonymous Debian Developer is a bit trickier than getting pseudonymous contributions into Linux, but it's far from "simply not possible".<br> </div> Tue, 13 Jul 2010 12:02:54 +0000 Debian declassification delayed https://lwn.net/Articles/395442/ https://lwn.net/Articles/395442/ nye <div class="FormattedComment"> Oh I see. Still, it seems a bit harsh to accuse somebody of trolling for not knowing that - especially as the bulk of the point is still somewhat valid without it.<br> </div> Thu, 08 Jul 2010 16:02:07 +0000 Debian declassification delayed https://lwn.net/Articles/395435/ https://lwn.net/Articles/395435/ salimma <div class="FormattedComment"> Debian requires any new developer to be authenticated (with photo ID) by an existing developer, after meeting in person. 
Thus operating under a pseudonym is simply not possible.<br> </div> Thu, 08 Jul 2010 15:35:54 +0000 Debian declassification delayed https://lwn.net/Articles/395362/ https://lwn.net/Articles/395362/ nye <div class="FormattedComment"> Huh? Not sure what you're getting at. I didn't see any trolling.<br> </div> Thu, 08 Jul 2010 10:47:42 +0000 Debian declassification delayed https://lwn.net/Articles/395258/ https://lwn.net/Articles/395258/ joey <div class="FormattedComment"> Pseudonyms? Nice try, but trolling fail, I'm afraid.<br> </div> Wed, 07 Jul 2010 22:49:09 +0000 Debian declassification delayed https://lwn.net/Articles/395121/ https://lwn.net/Articles/395121/ tialaramex <div class="FormattedComment"> Riiight. 1000 individuals, some operating under pseudonyms from countries outside our jurisdiction, and an unknown number of whom have financial conflicts of interest with this "other company" but it's OK to give them this information through a bulk mailing list immediately on a whim.<br> <p> The general public, on the other hand? Permanently a "serious no-no" according to those same thousand people.<br> <p> I think the reality is that the most embarrassing thing revealed by opening up debian-private would be what types of thing are inappropriately discussed by a thousand people who think no-one's looking. The established policy seems to have been intended to stop this, but it's clear that it didn't have that effect. Worth trying again, I think.<br> </div> Wed, 07 Jul 2010 10:16:09 +0000 Debian declassification delayed https://lwn.net/Articles/395105/ https://lwn.net/Articles/395105/ shmget <div class="FormattedComment"> Good idea... wait, isn't that exactly what Disney does with copyright length ? :-)<br> <p> </div> Wed, 07 Jul 2010 05:28:43 +0000 Debian declassification delayed https://lwn.net/Articles/395098/ https://lwn.net/Articles/395098/ drag <div class="FormattedComment"> Personally I don't care anything about Debian's internal political BS. 
<br> <p> Just release things that may be interesting to third parties and if a member of the private list has some threads they would like public then let them. If some researcher would like access then let them.<br> <p> Full disclosure is uninteresting, unless it's security related.<br> </div> Wed, 07 Jul 2010 02:57:36 +0000 Debian declassification delayed https://lwn.net/Articles/395065/ https://lwn.net/Articles/395065/ rahvin <div class="FormattedComment"> As the article noted, disclosure of other companies' financial information would be a serious no-no and could get sponsorships terminated. You gotta be really careful here. <br> <p> I think they should simply find the relevant stuff and release it, we don't need 30 threads of jokes that devolved from a vacation announcement.<br> </div> Tue, 06 Jul 2010 22:27:07 +0000 Debian declassification delayed https://lwn.net/Articles/395063/ https://lwn.net/Articles/395063/ ikm <div class="FormattedComment"> Gosh. Pass another GR and make it wait for another three years. Problem solved.<br> </div> Tue, 06 Jul 2010 20:52:44 +0000 Debian declassification delayed https://lwn.net/Articles/395008/ https://lwn.net/Articles/395008/ tialaramex <div class="FormattedComment"> An unworkable mess. Given that it was never intended to operate on existing messages but only on future ones, it seems as though a resolution to simply declassify _everything_ after say 5 years would have been more useful, and yet also much simpler to implement.<br> <p> Given the sheer number of Debian Developers this "private" mailing list could only ever have been as private as a school assembly or a town meeting. What "private" matters could you possibly discuss with this audience that were not covered by Debian's social obligation to be open with the rest of the world?<br> </div> Tue, 06 Jul 2010 15:19:11 +0000