[openstack-dev] The root-cause for IRC private channels (was Re: [all][tc] Lets keep our community open, lets fight for it)

Clark Boylan cboylan at sapwetik.org
Tue Feb 17 18:06:17 UTC 2015


On Tue, Feb 17, 2015, at 09:32 AM, Stefano Maffulli wrote:
> Changing the subject since Flavio's call for openness was broader than
> just private IRC channels.
> 
> On Tue, 2015-02-17 at 10:37 +0000, Daniel P. Berrange wrote:
> > If cases of bad community behaviour, such as use of passwd protected
> > IRC channels, are always primarily dealt with via further private
> > communications, then we are denying the voters the information they
> > need to hold people to account. I can understand the desire to avoid
> > publicly shaming people right away, because the accusations may be
> > false, or may be arising from a simple misunderstanding, but at some
> > point genuine issues like this need to be public. Without this we make
> > it difficult for contributors to make an informed decision at future
> > elections.
> 
> You got my intention right: I wanted to understand better what led some
> people to create a private channel, what were their needs. For that
> objective, having an accusatory tone won't go anywhere and instead I
> needed to provide them a safe place to discuss and then I would report
> back in the open.
> 
> So far, I've only received comments in private from only one person,
> concerned about public logging of channels without notification. I
> wished the people hanging out on at least one of such private channels
> would provide more insights on their choice but so far they have not.
> 
> Regarding the "why" at least one person told me they prefer not to use
> official openstack IRC channels because there is no notification if a
> channel is being publicly logged. Together with freenode not obfuscating
> host names, and eavesdrop logs available to any spammer, one person at
> least is concerned that private information may leak. There may also be
> legal implications in Europe, under the Data Protection Directive, since
> IP addresses and hostnames can be considered sensitive data. Not to
> mention the casual dropping of emails or phone numbers in public+logged
> channels.
> 
> I think these points are worth discussing. One easy fix this person
> suggests is to make it default that all channels are logged and write a
> warning on wiki/IRC page. Another is to make the channel bot announce
> whether the channel is logged. Cleaning up the hostname details on
> join/parts from eavesdrop and put the logs behind a login (to hide them
> from spam harvesters). 
> 
> Thoughts?
> 
It is worth noting that just about everything else is logged too. Git
repos track changes individuals have made, this mailing list post will
be publicly available, and so on. At the very least I think the
assumption should be that any openstack IRC channel is logged and since
assumptions are bad we should be explicit about this. I don't think this
means we require all channels actually be logged, just advertise that
many are and any can be (because really any individual with freenode
access can set up public logging).

I don't think we should need to explicitly clean up our logs. Mostly
because any individual can set up public logs that are not sanitized.
Instead IRC users should use tools like cloaks or Tor to get the level
of obfuscation and security that they desire. Freenode has docs for
both, see https://freenode.net/faq.shtml#cloaks and
https://freenode.net/irc_servers.shtml#tor

Hope this helps,
Clark


