[openstack-dev] [Glance] IRC logging
kuvaja at hp.com
Tue Jan 13 17:06:08 UTC 2015
> -----Original Message-----
> From: Dave Walker [mailto:email at daviey.com]
> Sent: 13 January 2015 15:10
> To: OpenStack Development Mailing List (not for usage questions)
> Subject: Re: [openstack-dev] [Glance] IRC logging
> On 13 January 2015 at 12:32, Kuvaja, Erno <kuvaja at hp.com> wrote:
> > I'm heavily against the public logging to the level that I will just leave the
> channel if that will be enabled. My point is not foul language and I do
> understand that there could be some benefits out of it. Personally I think we
> have enough tracked public communication means like ask.openstack.org
> and the mailing lists. IRC is and has always been real time communications
> with defined audience.
> > I think the major benefits of this defined audience are:
> > 1) One does not need to express themselves in a way that is for public. (
> Misunderstandings can be corrected on the fly if needed. ) There is no need
> to explain to anyone reading the logs what you actually meant during the
> conversation month ago.
> > 2) there is level of confidentiality within that defined audience. (
> > For example someone not familiar with the processes thinks they have
> > found security vulnerability and comes to the IRC-channel to ask
> > second opinion. Those details are not public and that bug can still be
> > raised and dealt properly. Once the discussion is logged and the logs
> > are publicly available the details are publicly available as well. )
> > 3) That defined audience does not usually limit content. I have no problem
> to throw my e-mail address, phone number etc. into the channel, I would not
> yell them out publicly.
> > For me personally the last point is the biggest problem, professionally the
> second is major concern. I have been using IRC for so long time that I'm not
> willing to take the risk I can't filter myself on my regular channels. Meetings
> are different story as there it is defined time and at least I'm on meeting
> mode that time knowing it will be publicly logged.
> > The channels are not locked so anyone can keep a client online and log it
> for themselves if they feel need for it and lots of people do so. There is just
> that big barrier having it within the defined group you can see on the channel
> versus public to anyone.
> > As opposed to Cindy's original statement of not wanting to be available off-
> hours, that's solved already: you can set your client to away or not respond.
> It's really common on any IRC network that nick is online while user is not or
> is ignoring that real time outreach by personal preference. No-one
> will/should take that personally or offensive. Not having bouncer/shell to run
> your client is as well personal preference, I doubt anyone can claim they
> could not do it with the options available nowadays.
> > - Erno (jokke_) Kuvaja
> I think these concerns are more based around fear, than any real merit. I
> would suggest that any IRC communication should be treated as public, and
> therefore the idea of bouncing around personal contacts details is pretty
> poor personal security. If this is required, then using private messages would
> seem to be perfectly suitable.
> A user can join any #openstack-* channel, and not necessarily be a friend of
> the project. The concerns about security issues should be treated as if they
> have already become public.
> It seems that Openstack currently has around 40 non-meeting channels
> logged and contrasting with the Ubuntu project, there are some 350 public
> logged channels - with the logs going back to 2004. This has caused little
> issue over the years.
> It would seem logical to introduce project-wide irc logging IMO. I
> *have* found it useful to search through archives of projects, and find it
> frustrating when this data is not available.
> I really struggle with the idea that contributors of a developer channel do not
> consider themselves to be talking in a public forum, which to me - is the same
> as being logged. Without this mindset, the channel (and project?) merely
> becomes a cabal developers area.
>  http://eavesdrop.openstack.org/irclogs/
>  http://irclogs.ubuntu.com/2015/01/01/
> Kind Regards,
> Dave Walker
I do not have a problem to tell my phone number to someone at my local which is packed with people I do not know and they might hear it, I would have problem with my local if they would start recording all discussions in their premises and posting those publicly in the internet. I don't have even problem X people recording their visits there as long as it stays in their private collection, again same thing I would have problem them putting those records out public and I would try to ensure not being in their vicinity. Why should I/we/one treat IRC differently to any other public venue of discussion?
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: OpenStack-dev-
> request at lists.openstack.org?subject:unsubscribe
More information about the OpenStack-dev