Open Stack

On 17/02/15 09:32 -0800, Stefano Maffulli wrote:
>Changing the subject since Flavio's call for openness was broader than
>just private IRC channels.
>
>On Tue, 2015-02-17 at 10:37 +0000, Daniel P. Berrange wrote:
>> If cases of bad community behaviour, such as use of passwd protected
>> IRC channels, are always primarily dealt with via further private
>> communications, then we are denying the voters the information they
>> need to hold people to account. I can understand the desire to avoid
>> publically shaming people right away, because the accusations may be
>> false, or may be arising from a simple mis-understanding, but at some
>> point genuine issues like this need to be public. Without this we make
>> it difficult for contributors to make an informed decision at future
>> elections.
>
>You got my intention right: I wanted to understand better what lead some
>people to create a private channel, what were their needs. For that
>objective, having an accusatory tone won't go anywhere and instead I
>needed to provide them a safe place to discuss and then I would report
>back in the open.
>
>So far, I've only received comments in private from only one person,
>concerned about public logging of channels without notification. I
>wished the people hanging out on at least one of such private channels
>would provide more insights on their choice but so far they have not.

Right, but that isn't a valid point for a private, *password protected*,
IRC channel.

>Regarding the "why" at least one person told me they prefer not to use
>official openstack IRC channels because there is no notification if a
>channel is being publicly logged. Together with freenode not obfuscating
>host names, and eavesdrop logs available to any spammer, one person at
>least is concerned that private information may leak. There may also be
>legal implications in Europe, under the Data Protection Directive, since
>IP addresses and hostnames can be considered sensitive data. Not to
>mention the casual dropping of emails or phone numbers in public+logged
>channels.

With regards to logging, there are ways to hide hostnames and FWIW, I
believe logging IRC channels is part of our open principles. It allows
for historical research - it certainly helpped building a good point
for this thread ;)- that are useful for our community and reference for
future development.

I don't think anyone reads IRC logs everyday but I've seen them linked
and used as a reference enough times to consider them a valuable
resource for our community.

That said, I believe people working in a open community like
OpenStack's should stop worrying about IRC logged channels - which I
honestly believe are the least of their "openness problems" - and focus
on more important things. This is an open community and in order to
make it work we need to keep it as such. Honestly, this is like
joining a mailing list and worrying about possible leacks in "logged
emails".


>I think these points are worth discussing. One easy fix this person
>suggests is to make it default that all channels are logged and write a
>warning on wiki/IRC page. Another is to make the channel bot announce
>whether the channel is logged. Cleaning up the hostname details on
>join/parts from eavesdrop and put the logs behind a login (to hide them
>from spam harvesters).
>
>Thoughts?

I've proposed this several times already and I still think some
consistency here is worth it. I'd vote to enable logging on all
channels.

Fla.

P.S: Join the open side of the force #badumps

-- 
@flaper87
Flavio Percoco
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150218/6840e6bf/attachment.pgp>