On 13/01/15 08:27 -0500, Sean Dague wrote:
On 01/13/2015 08:01 AM, Thierry Carrez wrote:Kuvaja, Erno wrote:[...] 1) One does not need to express themselves in a way that is for public. ( Misunderstandings can be corrected on the fly if needed. ) There is no need to explain to anyone reading the logs what you actually meant during the conversation month ago. 2) there is level of confidentiality within that defined audience. ( For example someone not familiar with the processes thinks they have found security vulnerability and comes to the IRC-channel to ask second opinion. Those details are not public and that bug can still be raised and dealt properly. Once the discussion is logged and the logs are publicly available the details are publicly available as well. ) 3) That defined audience does not usually limit content. I have no problem to throw my e-mail address, phone number etc. into the channel, I would not yell them out publicly. [...]All 3 arguments point to issues you have with *public* channels, not *logged* channels. Our IRC channels are, in effect, already public. Anyone can join them, anyone can log them. An embargoed vulnerability discussed on an IRC channel (logged or not) should be considered leaked. I agree that logging makes it easier for random people to access that already-public information, but you can't consider an IRC channel private (and change your communication style or content) because it's not logged by eavesdrop. What you seem to be after is a private, invitation-only IRC channel. That's an orthogonal issue to the concept of logging.Honestly, I do think it's probably worth having an OpenStack wide bit of guidance here, especially now that every project has felt the need to spin up their own channel instead of using #openstack-dev (which is currently mostly void of content). Not having these logs means we often are missing important parts of historical context when decisions are made, because a lot more design is happening in unarchived formats than archived ones.
+2A As mentioned in my last email, I think this is worth doing and asking for. It will also avoid this kinds of discussions and it'll also make clear the status of our IRC channels. For example, people with concerns like Erno's would know in advance that all openstack related IRC channels are logged. Not sure how/when this can be asked/enforced but it'd avoid this kind of discussions, at least. Flavio
-Sean -- Sean Dague http://dague.net __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
-- @flaper87 Flavio Percoco
Description: PGP signature
__________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev