[openstack-dev] [Glance] IRC logging

Dave Walker email at daviey.com
Tue Jan 13 15:09:30 UTC 2015


On 13 January 2015 at 12:32, Kuvaja, Erno <kuvaja at hp.com> wrote:
> I'm heavily against the public logging to the level that I will just leave the channel if that will be enabled. My point is not foul language and I do understand that there could be some benefits out of it. Personally I think we have enough tracked public communication means like ask.openstack.org and the mailing lists. IRC is and has always been real-time communications with a defined audience.
>
> I think the major benefits of this defined audience are:
> 1) One does not need to express themselves in a way that is for the public. (Misunderstandings can be corrected on the fly if needed.) There is no need to explain to anyone reading the logs what you actually meant during the conversation a month ago.
> 2) There is a level of confidentiality within that defined audience. (For example, someone not familiar with the processes thinks they have found a security vulnerability and comes to the IRC channel to ask for a second opinion. Those details are not public and that bug can still be raised and dealt with properly. Once the discussion is logged and the logs are publicly available, the details are publicly available as well.)
> 3) That defined audience does not usually limit content. I have no problem to throw my e-mail address, phone number etc. into the channel, I would not yell them out publicly.
>
> For me personally the last point is the biggest problem; professionally the second is a major concern. I have been using IRC for such a long time that I'm not willing to take the risk I can't filter myself on my regular channels. Meetings are a different story, as there it is a defined time and at least I'm in meeting mode at that time, knowing it will be publicly logged.
>
> The channels are not locked, so anyone can keep a client online and log it for themselves if they feel the need for it, and lots of people do so. There is just that big barrier between having it within the defined group you can see on the channel versus public to anyone.
>
> As opposed to Cindy's original statement of not wanting to be available off-hours, that's solved already: you can set your client to away or not respond. It's really common on any IRC network that a nick is online while the user is not, or is ignoring that real-time outreach by personal preference. No one will/should take that personally or as offensive. Not having a bouncer/shell to run your client is as well a personal preference; I doubt anyone can claim they could not do it with the options available nowadays.
>
>  - Erno (jokke_) Kuvaja


Hi,

I think these concerns are more based around fear than any real
merit.  I would suggest that any IRC communication should be treated
as public, and therefore the idea of bouncing around personal contact
details is pretty poor personal security.  If this is required, then
using private messages would seem to be perfectly suitable.

A user can join any #openstack-* channel, and not necessarily be a
friend of the project.  The concerns about security issues should be
treated as if they have already become public.

It seems that OpenStack currently has around 40 non-meeting channels
logged[0] and, contrasting with the Ubuntu project, there are some 350
publicly logged channels[1] - with the logs going back to 2004.  This
has caused little issue over the years.

It would seem logical to introduce project-wide IRC logging IMO.  I
*have* found it useful to search through archives of projects, and
find it frustrating when this data is not available.

I really struggle with the idea that contributors of a developer
channel do not consider themselves to be talking in a public forum,
which to me - is the same as being logged.  Without this mindset, the
channel (and project?) merely becomes a cabal developers area.

[0] http://eavesdrop.openstack.org/irclogs/
[1] http://irclogs.ubuntu.com/2015/01/01/

--
Kind Regards,
Dave Walker


