On 09/01/19 17:03, Ian Jackson wrote: > Please search your communications archives.
I notice Norbert is somebody who goes beyond the core responsibilities of maintaining packages, thinks about challenging social issues that affect our community and looks for ways to communicate about them. Mistakes he may have made in written English pale in comparison to the mistakes I've personally made in German or any other language that I have dared to use in public but that isn't really relevant to somebody's competence as a developer anyway. Like all of us, he appears to have a genuine concern for users of his work, even when faced with challenges. I don't believe I have ever met him personally at an event but I hope I will some day. > I will summarise and collate these reports. I'd like to thank Ian for volunteering and Wookey for enhancing[1] the concept. Spending some time documenting and talking up the contributions that other people make to this project could help provide a way to address current and future challenges. Maybe contributors.debian.org could be enhanced to allow people to write ad-hoc reports about things they appreciate in the work of other developers? This would help build a nice record of contributions, a big improvement over the practice of leaving "unavoidable traces in public databases" as one developer recently put it. On 09/01/19 17:43, Martin Steigerwald wrote: > Thomas Lange - 09.01.19, 18:17: >>> This reminded me about >>> https://lists.debian.org/debian-project/2018/12/msg00025.html >> For easier understanding, this is the post from Daniel with subject: >> >> "€ 500 cash bounty for information / Debian privacy breaches" > Thanks for looking it up. > > I do not consider either of those helpful or ethically sound. > > For me it has something about denouncing people aka "please tell us how > bad this person has been". There is a massive difference between the two cases: This thread concerned an ordinary member of the organization, who had not even been on the mailing list for almost a week and it was very broad in it's aims. In my post, about conduct of the DPL/DAM, I was holding power to account and legitimately asking about breaches of privacy and also getting to the source of gossip. It was only posted after I already had good reason to make the inquiry, it wasn't just some dragnet exercise to see if anything was out there. The intention was not to harm anybody, rather, to prevent further harm. It also helped in another way: nobody has ever sent evidence of DAM or AH leaking outside the project, so we found out they were not the source. It raises an interesting question though: even though there was no evidence of DAM leaking outside the organization, should they be more robust against political interference in their processes? Privately, they wrote that another person had "seen a draft of the first mail we sent" and it appears that person was responsible for the privacy breaches. Some people noticed that Bits[2] from the DPL usually ends with a call for people to email the DPL privately with their "concerns". If this style of communication/call-to-gossip is not what we want in Debian, maybe that is the place to begin changing it? Perhaps the next Bits could finish with a call for people to speak to each other directly instead of emailing the DPL/AH/DAM? Regards, Daniel 1. https://lists.debian.org/debian-project/2019/01/msg00180.html 2. https://lists.debian.org/debian-devel-announce/2018/11/msg00007.html -- Debian Developer https://danielpocock.com
