Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
On Tuesday, May 21, 2019 7:41:51 PM EDT Benj. Mako Hill wrote: > Greetings! > > I'm a planet admin although, as you suggest, I think this is outside > of the area of documented policy. > > > > > Imagine that I get a note from a random developer saying they have > > removed my blog from planet. I understand what they are saying enough > > to believe it is not vandalism; they honestly believe I did something > > wrong. I can't understand from their message how they hope I'd fix it. > > > > I cannot engage with them in what I think is a timely manner. > > > > They copied the planet admins who have not gotten involved in the > > conversation. > > > > What should I do? > > The problems caused by a revert war are greater than the threat of a > person not being on planet for a short period of time. As a result, I > think it's best not to start a "war" by reverting a change without > first understanding or attempting to address the underlying problem or > getting feedback from the planet admins that the problem that caused > removal in the first place can be ignored. > > As a result, I think the preferred approach would be your (2): > > 2) Ask the planet admins to respond to the situation and either help > > me understand the problem or add my blog back. > > If somebody removes a feed from planet because they think it is on the > wrong side of appropriate behavior within Debian, the appropriate > first step is to discuss it with the parties involved. I think it's > part of the planet admins' job to mediate this conversation. > > If consensus on an outcome cannot be reached this way, the > conversation will likely need to move a mailing list and/or leadership > within the project. > > I'd be happy to document this on the Planet wiki page. > > I understand that this approach gives everyone with access to the > repository on salsa the power to temporary silence anyone else. I > think that the benefits of this level of openness (documented in the > list of actions Joerg shared) are high enough that they outweigh he > risks this introduces. The Planet Debian admins are, IMO, free to run the service however they want (thank you for providing it). I think defaulting to silencing people is the opposite of openness. I don't recall for certain how much blogging there was about systemd during that debacle (irrelvant to the goodness/badness of the final result, the process was ugly), but I can imagine if something similarly controversial comes up in the future, deletions from Planet Debian being rather more common in the heat of the moment if we codify a policy that endorses random DDs removing feeds from Planet Debian. I think it's more open and equally clean for someone who's blog has been non- consensually removed to be able to put it back themselves immediately (if they think the removal was unreasonable) and point the remover at the Planet Debian admins. There should be consistency about what is OK and not and it's the Planet Debian admins that can apply that. Yes, we have a CoC, but if something is OK CoC wise or not is not generally a clear cut decision. If there's a problem, I think (absent some of the types of cases Joerg mentioned) that people with concerns should be asking the admins to address it and not unilaterally applying their personal standards to a project resource. Scott K
Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
Greetings! I'm a planet admin although, as you suggest, I think this is outside of the area of documented policy. > Imagine that I get a note from a random developer saying they have > removed my blog from planet. I understand what they are saying enough > to believe it is not vandalism; they honestly believe I did something > wrong. I can't understand from their message how they hope I'd fix it. > > I cannot engage with them in what I think is a timely manner. > > They copied the planet admins who have not gotten involved in the > conversation. > > What should I do? The problems caused by a revert war are greater than the threat of a person not being on planet for a short period of time. As a result, I think it's best not to start a "war" by reverting a change without first understanding or attempting to address the underlying problem or getting feedback from the planet admins that the problem that caused removal in the first place can be ignored. As a result, I think the preferred approach would be your (2): > 2) Ask the planet admins to respond to the situation and either help > me understand the problem or add my blog back. If somebody removes a feed from planet because they think it is on the wrong side of appropriate behavior within Debian, the appropriate first step is to discuss it with the parties involved. I think it's part of the planet admins' job to mediate this conversation. If consensus on an outcome cannot be reached this way, the conversation will likely need to move a mailing list and/or leadership within the project. I'd be happy to document this on the Planet wiki page. I understand that this approach gives everyone with access to the repository on salsa the power to temporary silence anyone else. I think that the benefits of this level of openness (documented in the list of actions Joerg shared) are high enough that they outweigh he risks this introduces. Regards, Mako -- Benjamin Mako Hill https://mako.cc/ Creativity can be a social contribution, but only in so far as society is free to use the results. --GNU Manifesto signature.asc Description: PGP signature
Re: Further inquiry regarding data privacy (for packages installed in Debian)
I don't know if many packages have them, but there is a privacy:: debtag that for potential privacy concerns and other anti-features. Synaptic should be able to show them. On May 21, 2019 9:16:53 AM EDT, npdflr wrote: >Hi, > >Would you recommend me or debian users to go through privacy policy for >the default packages/softwares installed in Debian images/iso files. > > > >An example would be the firefox-esr that has data collection >policy: https://wiki.mozilla.org/Firefox/Data_Collection > >The default is off for Web activity data and Highly Sensitive data so >it should not be a problem. > > > >But for other default packages should I go through their privacy >policies? > > >Note: As for the packages installed manually by the user (not default >packages), it would be the user's responsibity to make sure that they >don't send any sensitive data. > > > >Also, what ways can one check the privacy policy of the packages >installed (by default or manually installed)? > >- One way would be to open Synaptic Package Manager (for the packages >installed from the repositories listed in sources.list), check for >homepage (if there) for every package installed and then read the >privacy policy on that homepage. > >- For the packages downloaded from elsewhere, I think the user would >have to check the source/homepage etc for its privacy policy. > > >Thank you. > > > > > > On Wed, 27 Feb 2019 13:02:28 -0800 Joerg Jaspert > wrote > > > >On 15326 March 1977, mailto:npd...@zoho.com wrote: > >> I am posting an excerpt from the 'Data privacy' page >> (https://www.debian.org/legal/privacy): > >> Service related logging > >> In addition to the explicitly listed services above the Debian >> infrastructure logs details about system accesses for the purposes of > >> ensuring service availability and reliability, and to enable >debugging >> and diagnosis of issues when they arise. This logging includes >details >> of mails sent/received through Debian infrastructure, web page access > >> requests sent to Debian infrastructure, and login information for >> Debian systems (such as SSH logins to project machines). None of this > >> information is used for any purposes other than operational >> requirements and it is only stored for 15 days in the case of web >> server logs, 10 days in the case of mail log and 4 weeks in the case >> of authentication/ssh logs. > >> a) Does 'system' and 'Debian systems' in the above excerpt mean an >> installation of Debian OS? > >No. It means a system installed and run by Debian admins providing a >service. Like the machine handling this list, or a machine handling a >webserver for www.debian.org. > >> b) I am assuming that 'Debian infrastructure' means the 'Debian >> Security Infrastructure' >> (https://www.debian.org/doc/manuals/securing-debian-howto/ch7) which >> is used to handle security in the stable distribution. Please correct > >> me, if wrong. > >No, it means the whole infrastructure. We have many machines. > >> c) Details regarding non-personally identifiable data: Does Debian >> (Debian.org) collect any kind of 'telemetry' or 'monitoring data' >> other than required for operational requirements? I am asking this as > >> from a company's or business point of view: one is concerned about >> intellectual property, company data etc. > >As written, no we do not. > >> d) (This is related to the above point) Does the statement in the >> above excerpt "This logging includes details. login >information >> for Debian systems" mean that Debian stores username and passwords of > >> users? In my case: A local login not a network based login. > >Not in the sense you read into it, no. We do not, in any way, collect >users data of systems installed with Debian[1]. The above is for >machines >running "inside" the debian.org domain and affects Debian Developers, >not any user who just happens to install Debian. > > >[1] There is one tool named popcon. That does actually send data our >way. That is opt-in and you can find more information at >https://popcon.debian.org/ >
Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
On 15409 March 1977, Sam Hartman wrote: Imagine that I get a note from a random developer saying they have removed my blog from planet. I understand what they are saying enough to believe it is not vandalism; they honestly believe I did something wrong. I can't understand from their message how they hope I'd fix it. I cannot engage with them in what I think is a timely manner. They copied the planet admins who have not gotten involved in the conversation. We may just want to wait to see the other side comment. Now, Planet is kind of a special thing here, with its config being deliberately editable by everyone in the Debian group on salsa. Yes, we DO have the rule to modify YOUR OWN entry or that of someone you sponsor/advocate. And that is what happens in >99% of the cases. The "some random someone modifies others without consent" is not really a case. So less so that I think this whole thread already wasted more energy than it is worth. By a lot. Look at the git log of planets config, ignoring my recent removals of dead entries, you won't see other people randomly removing stuff. And if they modify other people, you find "by request" or something. The one case back when which made you start this was also not done by some random meatbag out there and the log message even said so. (Please, validity of AH team with/without delegation is for another thread). So I do not really see any big problem here that needs to be solved. We certainly have way bigger ones to tackle. Still, lets see... What should I do? 1) Add the blog back myself, asking the person to appeal to the planet admins if they still think my blog should not be present? 2) Ask the planet admins to respond to the situation and either help me understand the problem or add my blog back. Both of them are good. I think #2 might be better, especially if its marked like that one case in the past. May ensure heat not going up needlessly. In my mind the question pops up because we have two conflicting things. It's not really clear that random developers should be removing blogs from planet. On the other hand planet is a shared service and if there really is a critical issue, it's better to get it fixed. However, revert wars are antisocial in and of themselves. One revert is not a war. One revert MAY make other people angry, so meh, not directly reverting may be the better way. Anyways, I do not think we need much more rules currently for planet. It works pretty nicely. Assume common sense, it's what I as an admin do. Also: - If a blog appears hacked and spams planet - anyone is fine to remove it ASAP, do not wait for admins. (Happened) - If someone asks you to modify or remove their entry, fine, go. (Happened) - If you see a merge request on salsa for planet where someone wants to change their stuff - go go go, apply it, anyone (in Debian group) can. (Happened) - If you happen to login to the planet-master machine, read the planet logs and spot stuff like NXDOMAIN or HTTP 500/404/... errors, feel free to remove it (or make it a MR), with a log msg along "Removed, NXDOMAIN", so its clear why it got removed. - For anything else think twice if it needs direct action, if not, mail planet admin. -- bye, Joerg
Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
> "Jonathan" == Jonathan Carter writes: >> 2) Ask the planet admins to respond to the situation and either >> help me understand the problem or add my blog back. Jonathan> Option number two seems like the entirely logical and Jonathan> reasonable approach. If it seems that you've overstepped Jonathan> it doesn't seem like a good idea to antagonize the admins Jonathan> any further, so I don't think that just adding the blog Jonathan> back without any further feedback is every a good idea. What antagonizes the planet admins is kind of at the crux of this question now isn't it? And the answer to that depends on their needs and goals. I'll say that if I were a planet admin, like you, I'd prefer option two. But multiple people with different outlooks from each other have been talking to me about this. And to them, option 1 was so obviously right in our community that they didn't even consider that there might be another answer. And I found myself having arguments about what the planet admins surely must think. I decided that since I can go actually talk to the planet admins and find out, that might be educational on a number of fronts. --Sam
Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
Hi Sam On 2019/05/21 12:15, Sam Hartman wrote: > Obviously this question is motivated by things that happened last year, > but I'm not asking about that situation, and the details of the question > I'm asking are intentionally different in ways that matter at least to > me. It's kind of hard to ignore that case in a discussion like this, because a blog removal seems somewhat rare and that was a prominent case. > I am asking this question because in multiple conversations with members > of our community related situations have come up and I'd like to better > understand how we think we should approach disagreement in use of a > shared resource. I think of Planet Debian than more as just a shared resource, it's a window into the world of Debian developers from the world outside, it's also a way for Debian developers to follow what's happening in each other's lives, and it also provides a voice for those who use it. That said, people associate Planet Debian with the Debian project itself, and while it's fine for people to disagree with the Debian project on their blogs that get aggregated, I think that it's important that the content itself doesn't directly violate our core community guidelines (CoC, diversity statement, etc). > Imagine that I get a note from a random developer saying they have > removed my blog from planet. I understand what they are saying enough > to believe it is not vandalism; they honestly believe I did something > wrong. I can't understand from their message how they hope I'd fix it. > > I cannot engage with them in what I think is a timely manner. > > They copied the planet admins who have not gotten involved in the > conversation. > > What should I do? > > 1) Add the blog back myself, asking the person to appeal to the planet > admins if they still think my blog should not be present? > > 2) Ask the planet admins to respond to the situation and either help me > understand the problem or add my blog back. Option number two seems like the entirely logical and reasonable approach. If it seems that you've overstepped it doesn't seem like a good idea to antagonize the admins any further, so I don't think that just adding the blog back without any further feedback is every a good idea. > In my mind the question pops up because we have two conflicting things. > It's not really clear that random developers should be removing blogs > from planet. On the other hand planet is a shared service and if there > really is a critical issue, it's better to get it fixed. > > However, revert wars are antisocial in and of themselves. Debian developers shouldn't just remove a blog from planet without justification, I think that should be codified in the planet rules/guidelines somewhere. If you make a bad upload, someone will be quick to point out to you exactly which part of debian policy you've messed up and file an RC bug against your package. Our community guidelines deserve to be on the same standard, if a blog is removed from planet Debian, it makes sense that there's at least a good reason for that, no? -Jonathan -- ⢀⣴⠾⠻⢶⣦⠀ Jonathan Carter (highvoltage) ⣾⠁⢠⠒⠀⣿⡁ Debian Developer - https://wiki.debian.org/highvoltage ⢿⡄⠘⠷⠚⠋ https://debian.org | https://jonathancarter.org ⠈⠳⣄ Be Bold. Be brave. Debian has got your back.
Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
> "Ian" == Ian Jackson writes:
Ian> Sam Hartman writes ("Question for Planet Admins: What Should I
Ian> do if another Developer Removes my Blog"):
>> Imagine that I get a note from a random developer saying they
>> have removed my blog from planet. I understand what they are
>> saying enough to believe it is not vandalism; they honestly
>> believe I did something wrong. I can't understand from their
>> message how they hope I'd fix it.
>>
>> I cannot engage with them in what I think is a timely manner.
>>
>> They copied the planet admins who have not gotten involved in the
>> conversation.
>>
>> What should I do?
Ian> Does the answer to this question depend very much on whether
Ian> it's Planet that's the territory for the revert war ?
Ian> ISTM that the same can be true of bugs.d.o at the very least,
Ian> and salsa, and, in principle, even the archive.
That's why I'm asking the planet admins. I'd argue that in general we
delegate responsibility to people to run services as they choose.
It's more complex than that of course, but it's certainly common for us
to give people wide latitude to do their jobs.
So planet admins might well take a different approach than owner@bts or
salsa or...
And absent some project-wide policy or an override or something I think
the planet admins do get to decide for planet.
I think the general question is interesting, and a very reasonable
answer from the planet admins might be "We haven't thought this one
through, let's have a general discussion."
If people do decide to have the general discussion I'd appreciate it if
they were to change the subject.
--Sam
Re: Question for Planet Admins: What Should I do if another Developer Removes my Blog
Sam Hartman writes ("Question for Planet Admins: What Should I do if another
Developer Removes my Blog"):
> Imagine that I get a note from a random developer saying they have
> removed my blog from planet. I understand what they are saying enough
> to believe it is not vandalism; they honestly believe I did something
> wrong. I can't understand from their message how they hope I'd fix it.
>
> I cannot engage with them in what I think is a timely manner.
>
> They copied the planet admins who have not gotten involved in the
> conversation.
>
> What should I do?
Does the answer to this question depend very much on whether it's
Planet that's the territory for the revert war ?
ISTM that the same can be true of bugs.d.o at the very least, and
salsa, and, in principle, even the archive. In theory there is
supposed to be a maintainer to decide, but the maintainer may be away
or simply not responding, or the package may be QA maintained, or
whatever.
I suppose you are asking the Planet admins and they won't necessarily
have an answer. But maybe owner@bugs or d-release or ftpmaster may
want to say how they think these things should be dealt with in their
areas of responsibility (specifically, before or in the absence of a
specific authoritative answer from that team on the issue in
question). That might be illuminating.
Ian.
--
Ian JacksonThese opinions are my own.
If I emailed you from an address @fyvzl.net or @evade.org.uk, that is
a private address which bypasses my fierce spamfilter.
Re: Further inquiry regarding data privacy (for packages installed in Debian)
Hi, Would you recommend me or debian users to go through privacy policy for the default packages/softwares installed in Debian images/iso files. An example would be the firefox-esr that has data collection policy: https://wiki.mozilla.org/Firefox/Data_Collection The default is off for Web activity data and Highly Sensitive data so it should not be a problem. But for other default packages should I go through their privacy policies? Note: As for the packages installed manually by the user (not default packages), it would be the user's responsibity to make sure that they don't send any sensitive data. Also, what ways can one check the privacy policy of the packages installed (by default or manually installed)? - One way would be to open Synaptic Package Manager (for the packages installed from the repositories listed in sources.list), check for homepage (if there) for every package installed and then read the privacy policy on that homepage. - For the packages downloaded from elsewhere, I think the user would have to check the source/homepage etc for its privacy policy. Thank you. On Wed, 27 Feb 2019 13:02:28 -0800 Joerg Jaspert wrote On 15326 March 1977, mailto:npd...@zoho.com wrote: > I am posting an excerpt from the 'Data privacy' page > (https://www.debian.org/legal/privacy): > Service related logging > In addition to the explicitly listed services above the Debian > infrastructure logs details about system accesses for the purposes of > ensuring service availability and reliability, and to enable debugging > and diagnosis of issues when they arise. This logging includes details > of mails sent/received through Debian infrastructure, web page access > requests sent to Debian infrastructure, and login information for > Debian systems (such as SSH logins to project machines). None of this > information is used for any purposes other than operational > requirements and it is only stored for 15 days in the case of web > server logs, 10 days in the case of mail log and 4 weeks in the case > of authentication/ssh logs. > a) Does 'system' and 'Debian systems' in the above excerpt mean an > installation of Debian OS? No. It means a system installed and run by Debian admins providing a service. Like the machine handling this list, or a machine handling a webserver for www.debian.org. > b) I am assuming that 'Debian infrastructure' means the 'Debian > Security Infrastructure' > (https://www.debian.org/doc/manuals/securing-debian-howto/ch7) which > is used to handle security in the stable distribution. Please correct > me, if wrong. No, it means the whole infrastructure. We have many machines. > c) Details regarding non-personally identifiable data: Does Debian > (Debian.org) collect any kind of 'telemetry' or 'monitoring data' > other than required for operational requirements? I am asking this as > from a company's or business point of view: one is concerned about > intellectual property, company data etc. As written, no we do not. > d) (This is related to the above point) Does the statement in the > above excerpt "This logging includes details. login information > for Debian systems" mean that Debian stores username and passwords of > users? In my case: A local login not a network based login. Not in the sense you read into it, no. We do not, in any way, collect users data of systems installed with Debian[1]. The above is for machines running "inside" the debian.org domain and affects Debian Developers, not any user who just happens to install Debian. [1] There is one tool named popcon. That does actually send data our way. That is opt-in and you can find more information at https://popcon.debian.org/ -- bye, Joerg
Re: kindly link to my website www.market99.com
Debian does not work with SEO spammers. Go away. On Tue, May 21, 2019 at 04:37:25AM -0700, vineet1984son...@gmail.com wrote: >Hi, > >I'm the SEO manager for Market99 - a retail store that's known across India for >home decor, kids wear, toys, electronics essentials. You can check us out at >www.market99.com. > >To build a strong SEO score for our organization, we identified your site as >one that can help us improve our SEO health by creating backlinks to our >website. > >Being in a competitive industry like retail, we feel that your support will >help us build a strong foundation to ensure our website reaches the right >audience and ranks highly on search results. > >Feel free to reach out to me in case of any further questions. > >Looking forward to your cooperation. > >Regards, >Vineet >[] -- Steve McIntyre, Cambridge, UK.st...@einval.com The two hard things in computing: * naming things * cache invalidation * off-by-one errors -- Stig Sandbeck Mathisen
kindly link to my website www.market99.com
Hi, I'm the SEO manager for Market99 - a retail store that's known across India for home decor, kids wear, toys, electronics essentials. You can check us out at www.market99.com. To build a strong SEO score for our organization, we identified your site as one that can help us improve our SEO health by creating backlinks to our website. Being in a competitive industry like retail, we feel that your support will help us build a strong foundation to ensure our website reaches the right audience and ranks highly on search results. Feel free to reach out to me in case of any further questions. Looking forward to your cooperation. Regards, Vineet
Question for Planet Admins: What Should I do if another Developer Removes my Blog
Speaking as an individual, although some of the things that motivated me to actually go ahead and ask this question knowing that it might spark discussion were conversations I had as DPL. Obviously this question is motivated by things that happened last year, but I'm not asking about that situation, and the details of the question I'm asking are intentionally different in ways that matter at least to me. I am asking this question because in multiple conversations with members of our community related situations have come up and I'd like to better understand how we think we should approach disagreement in use of a shared resource. Imagine that I get a note from a random developer saying they have removed my blog from planet. I understand what they are saying enough to believe it is not vandalism; they honestly believe I did something wrong. I can't understand from their message how they hope I'd fix it. I cannot engage with them in what I think is a timely manner. They copied the planet admins who have not gotten involved in the conversation. What should I do? 1) Add the blog back myself, asking the person to appeal to the planet admins if they still think my blog should not be present? 2) Ask the planet admins to respond to the situation and either help me understand the problem or add my blog back. In my mind the question pops up because we have two conflicting things. It's not really clear that random developers should be removing blogs from planet. On the other hand planet is a shared service and if there really is a critical issue, it's better to get it fixed. However, revert wars are antisocial in and of themselves. --Sam signature.asc Description: PGP signature
