[openstack-dev] [Glance] IRC logging
sean at dague.net
Tue Jan 13 13:31:32 UTC 2015
On 01/13/2015 08:23 AM, Kuvaja, Erno wrote:
>> -----Original Message-----
>> From: Thierry Carrez [mailto:thierry at openstack.org]
>> Sent: 13 January 2015 13:02
>> To: openstack-dev at lists.openstack.org
>> Subject: Re: [openstack-dev] [Glance] IRC logging
>> Kuvaja, Erno wrote:
>>> 1) One does not need to express themselves in a way that is for public. (
>> Misunderstandings can be corrected on the fly if needed. ) There is no need
>> to explain to anyone reading the logs what you actually meant during the
>> conversation month ago.
>>> 2) there is level of confidentiality within that defined audience. (
>>> For example someone not familiar with the processes thinks they have
>>> found security vulnerability and comes to the IRC-channel to ask
>>> second opinion. Those details are not public and that bug can still be
>>> raised and dealt properly. Once the discussion is logged and the logs
>>> are publicly available the details are publicly available as well. )
>>> 3) That defined audience does not usually limit content. I have no problem
>> to throw my e-mail address, phone number etc. into the channel, I would not
>> yell them out publicly.
>> All 3 arguments point to issues you have with *public* channels, not
>> *logged* channels.
>> Our IRC channels are, in effect, already public. Anyone can join them, anyone
>> can log them. An embargoed vulnerability discussed on an IRC channel
>> (logged or not) should be considered leaked. I agree that logging makes it
>> easier for random people to access that already-public information, but you
>> can't consider an IRC channel private (and change your communication style
>> or content) because it's not logged by eavesdrop.
>> What you seem to be after is a private, invitation-only IRC channel.
>> That's an orthogonal issue to the concept of logging.
> Nope, what I'm saying is that I'm opposing public logging to the level that I will not be part if it will be enabled. If someone start publishing the logs they collect from the channel my response is the same I will ask to stop doing that and if it's not enough I will just leave. I do not use tinfoil hat nor live in a bubble thinking that information is private but I prefer not to make it more obvious. And your private channel would not solve "someone logging and publishing the logs" anyways, any level of privacy in the communication is based on trust was it participants, service/venue providers or something else so lets not make it more difficult than it is.
This is an extremely confusing point of view to me when it comes to a
channel dedicated to the development of a piece Open Source Software.
All the various artifacts on how we got to a piece of software are
valuable in the future maintenance of it, as well as realizing why we
did not go down certain paths in the past.
More information about the OpenStack-dev