[openstack-dev] [Glance] IRC logging

Thierry Carrez thierry at openstack.org
Tue Jan 13 13:01:50 UTC 2015


Kuvaja, Erno wrote:
> [...]
> 1) One does not need to express themselves in a way that is for public. ( Misunderstandings can be corrected on the fly if needed. ) There is no need to explain to anyone reading the logs what you actually meant during the conversation month ago.
> 2) there is level of confidentiality within that defined audience. ( For example someone not familiar with the processes thinks they have found security vulnerability and comes to the IRC-channel to ask second opinion. Those details are not public and that bug can still be raised and dealt properly. Once the discussion is logged and the logs are publicly available the details are publicly available as well. )
> 3) That defined audience does not usually limit content. I have no problem to throw my e-mail address, phone number etc. into the channel, I would not yell them out publicly.
> [...]

All 3 arguments point to issues you have with *public* channels, not
*logged* channels.

Our IRC channels are, in effect, already public. Anyone can join them,
anyone can log them. An embargoed vulnerability discussed on an IRC
channel (logged or not) should be considered leaked. I agree that
logging makes it easier for random people to access that already-public
information, but you can't consider an IRC channel private (and change
your communication style or content) because it's not logged by eavesdrop.

What you seem to be after is a private, invitation-only IRC channel.
That's an orthogonal issue to the concept of logging.

-- 
Thierry Carrez (ttx)



More information about the OpenStack-dev mailing list