Breeding, Marshall wrote: > If you believe that being listed in a directory or wiki of any sort > is dangerous, then you are relying on security through obscurity, > with is no real security at all.
I'm not sure I can convey this any more clearly: I am not arguing against all listing (although I believe it should be a matter of choice), but I am arguing against listing details which can be used for fraudulent authentication. I even put that bit in bold in the last email, so I'm surprised anyone's missing it still. It feels a bit like wilful misunderstanding for the sake of an argument. Would someone like to try calling up libraries from lib-web-cats, pretending to be from their provider and see if they can get a staff login? I'm hoping public-sector libraries will have some protocol defence, as they should expect to work under freedom of information, but there's plenty more in there. I think library staff might be better at choosing the right words to convince other library staff... > I believe that libraries have vital interests in having users find > them on the Web. [...] I'm pretty sceptical that many users find libraries through lib-web-cats. > also in the interest of persons who work in libraries to know the > automation systems used by their peers so that they can make > well-informed decisions regarding technology strategies. I'm not so sure about that (I've met peer-use requirements in procurement and that's a barrier to innovation) but basically the more information the more easily the better. I really don't think lib-web-cats is a viable alternative to a popcon, especially as it currently stands. It includes too much of some data and not enough of others and the terms are non-FOSS. > I've put in thousands of hours of work on lib-web-cats since it was > initially created in 1995 and launched on the Web in 1977. The > views of one individual should not undermine this project. (I'm assuming that's a typing error, rather than time travel. ;-) ) Not undermine, but maybe convince you to fix it. So you've put in thousands of hours: what's going to happen when you're no longer able to? Will it stagnate and die, like so many other web projects I've seen since I started in 1994? That'll be tragic. > It's not helpful to try to convince libraries that they should > isolate themselves on the Web. Which isn't what I'm trying to do. I'm saying don't expect everyone to stand naked in the wrong neighbourhood. > That, to me, contradicts the spirit of engagement that is vital to > the mission of libraries today. And that is my key interest. I'm suggesting connecting more libraries to the project and yet I'm against "the spirit of engagement" because I don't want it done through lib-web-cats? Wow. Really. Wow. > [...] I get a sense from the discussions on IRC that at least some > think I'm against the project in some way, which is not the case. So hopefully non-Koha libraries won't be listed as Koha, and Product and Provider will be split in the near future. ;-) After all, Koha's only had multiple providers for about a decade, so it'd be nice to see FOSS ILSes fit in lib-web-cats properly, instead of being shoehorned through proprietary ILS concepts. Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha _______________________________________________ Koha-devel mailing list [email protected] http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
