[openstack-dev] [Glance] IRC logging

Kuvaja, Erno kuvaja at hp.com
Tue Jan 13 13:23:34 UTC 2015


> -----Original Message-----
> From: Thierry Carrez [mailto:thierry at openstack.org]
> Sent: 13 January 2015 13:02
> To: openstack-dev at lists.openstack.org
> Subject: Re: [openstack-dev] [Glance] IRC logging
> 
> Kuvaja, Erno wrote:
> > [...]
> > 1) One does not need to express themselves in a way that is for public. (
> Misunderstandings can be corrected on the fly if needed. ) There is no need
> to explain to anyone reading the logs what you actually meant during the
> conversation month ago.
> > 2) there is level of confidentiality within that defined audience. (
> > For example someone not familiar with the processes thinks they have
> > found security vulnerability and comes to the IRC-channel to ask
> > second opinion. Those details are not public and that bug can still be
> > raised and dealt properly. Once the discussion is logged and the logs
> > are publicly available the details are publicly available as well. )
> > 3) That defined audience does not usually limit content. I have no problem
> to throw my e-mail address, phone number etc. into the channel, I would not
> yell them out publicly.
> > [...]
> 
> All 3 arguments point to issues you have with *public* channels, not
> *logged* channels.
> 
> Our IRC channels are, in effect, already public. Anyone can join them, anyone
> can log them. An embargoed vulnerability discussed on an IRC channel
> (logged or not) should be considered leaked. I agree that logging makes it
> easier for random people to access that already-public information, but you
> can't consider an IRC channel private (and change your communication style
> or content) because it's not logged by eavesdrop.
> 
> What you seem to be after is a private, invitation-only IRC channel.
> That's an orthogonal issue to the concept of logging.

Nope, what I'm saying is that I'm opposing public logging to the level that I will not be part if it will be enabled. If someone start publishing the logs they collect from the channel my response is the same I will ask to stop doing that and if it's not enough I will just leave.  I do not use tinfoil hat nor live in a bubble thinking that information is private but I prefer not to make it more obvious. And your private channel would not solve "someone logging and publishing the logs" anyways, any level of privacy in the communication is based on trust was it participants, service/venue providers or something else so lets not make it more difficult than it is.

- Erno
> 
> --
> Thierry Carrez (ttx)
> 
> __________________________________________________________
> ________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-
> request at lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev



More information about the OpenStack-dev mailing list