Open Stack

On Tue, Feb 17, 2015 at 09:32:53AM -0800, Stefano Maffulli wrote:
> Changing the subject since Flavio's call for openness was broader than
> just private IRC channels.
> 
> On Tue, 2015-02-17 at 10:37 +0000, Daniel P. Berrange wrote:
> > If cases of bad community behaviour, such as use of passwd protected
> > IRC channels, are always primarily dealt with via further private
> > communications, then we are denying the voters the information they
> > need to hold people to account. I can understand the desire to avoid
> > publically shaming people right away, because the accusations may be
> > false, or may be arising from a simple mis-understanding, but at some
> > point genuine issues like this need to be public. Without this we make
> > it difficult for contributors to make an informed decision at future
> > elections.
> 
> You got my intention right: I wanted to understand better what lead some
> people to create a private channel, what were their needs. For that
> objective, having an accusatory tone won't go anywhere and instead I
> needed to provide them a safe place to discuss and then I would report
> back in the open.

Reporting back on the explanations is great, but what I'm trying to
understand is at what point would you consider saying *who* was running
the private IRC channels ? Would you intend for that be private forever,
or would you make a judgement call on whether explanations provided are
acceptable, or something else ?

If it is kept private, then I think we are unable to meaningfully
participate in project elections, because the information that is
directly relevant to the people we are potentially voting for in
future elections, is withheld from us. I'm sure you would make a
decision that you considered to be in the best interests of the
project, but ultimately it will always be a subjective decision.

> So far, I've only received comments in private from only one person,
> concerned about public logging of channels without notification. I
> wished the people hanging out on at least one of such private channels
> would provide more insights on their choice but so far they have not.
> 
> Regarding the "why" at least one person told me they prefer not to use
> official openstack IRC channels because there is no notification if a
> channel is being publicly logged. Together with freenode not obfuscating
> host names, and eavesdrop logs available to any spammer, one person at
> least is concerned that private information may leak. There may also be
> legal implications in Europe, under the Data Protection Directive, since
> IP addresses and hostnames can be considered sensitive data. Not to
> mention the casual dropping of emails or phone numbers in public+logged
> channels.

To me this all just feels like an attempt to come up with justification of
action after the fact. Further, everything said there applies just as much
to participation over email than via IRC. The spammer problem and information
leakage is arguably far worse over email. Ultimately this is supposed to be
an open collaborative project, so by its very nature you have to accept that
information & discussions in the open and so subject to viewing by anyone
and at any, whether they are other contributors, users, or spammers.

Ultimately though, this is just my personal POV on the matter, and other
contributors in the community may feel this justification that was provided
is acceptable to them. Everyone is entitled to make up their own mind on the
matter. This is why I feel that if the issue reported is confirmed to be
true, then the explanations offered should be made in public to allow each
person to make their own subjective decision.

> I think these points are worth discussing. One easy fix this person
> suggests is to make it default that all channels are logged and write a
> warning on wiki/IRC page. Another is to make the channel bot announce
> whether the channel is logged. Cleaning up the hostname details on
> join/parts from eavesdrop and put the logs behind a login (to hide them
> from spam harvesters).

Personally I think all our IRC channels should be logged. There is really
no expectation of privacy when using IRC in an open collaborative project.

Scrubbing hostnames/ip addresses from logs is pretty reasonable. As a
comparison with email, mailman archives will typically have email addresses
either scrubbed or obfuscated.

I would object to them being put behind a login of any kind, because that
turns the logs into an information blackhole as it prevents google, etc
from indexing them. There are plenty of times when search results end up
taking you to IRC logs and this is too valuable to loose just because
people want some security through obscurity for their hostnames.

It sucks that there are spammers on the internet, but the basis of an
open project is that of openness to anyone and sadly that includes
spammers that we'd all really rather went away. As soon as you start
trying to close it off to certain people, you cause harm to the community
as a whole, as has been seen here :-(

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|