Overseers list should not be public

Overseers list should not be public

[Florian Weimer]

https://sourceware.org/ml/overseers/2017-q3/

I want to discuss/suggest Bugzilla anti-spam measures, and doing so on a 
public list would not be appropriate.

Thanks,
Florian

Re: Overseers list should not be public

[Frank Ch. Eigler]

Hi -

> I want to discuss/suggest Bugzilla anti-spam measures, and doing so on a
> public list would not be appropriate.

(You could just cc: a couple of us off-list.)

- FChE

Re: Overseers list should not be public

[Carlos O'Donell]

On 09/15/2017 06:56 AM, Frank Ch. Eigler wrote:
> Hi -
> 
>> I want to discuss/suggest Bugzilla anti-spam measures, and doing so on a
>> public list would not be appropriate.
> 
> (You could just cc: a couple of us off-list.)

For the record I also found it odd that overseers was public, surprising
in fact (and I only found out it was public *this year* after having
sent messages to overseers for years).

The list is specifically for people discussing their problems, and
possibly in a sensitive or vulnerable fashion. However, having the
list public discourages a full reveal of the extent of a problem,
or delays this to some kind of double disclosure e.g. you first
mail the list explaining that you have something embarassing to
talk about, get a list of people who might help you, and then talk
to them privately. The problem there is that the *other* overseers
never get to learn by watching.

All-in-all I consider the public nature of the list to have only
negative consequences.

This is just my opinion. I would further suggest other overseers
comment on their relative positions.

-- 
Cheers,
Carlos.

Re: Overseers list should not be public

[Joseph Myers]

On Fri, 22 Sep 2017, Carlos O'Donell wrote:

> All-in-all I consider the public nature of the list to have only
> negative consequences.

I think it's clearly positive for it to be public.  It means we don't need 
to have a process for defining who from a project gets to be on overseers.  
It means we can readily refer back to past discussions in the archives.  
It means that when there are system problems we can refer to overseers 
discussions of those problems on the mailing lists for individual 
projects, and people who might not otherwise want to be on overseers can 
follow the discussions there while the problems are affecting them.  It 
means people can check the overseers archives to see if a problem they're 
encountering has already been reported.

Note that the overseers archives are disabled from search engine indexing 
via robots.txt.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: Overseers list should not be public

[Frank Ch. Eigler]

Hi -


On Fri, Sep 22, 2017 at 08:32:33AM -0600, Carlos O'Donell wrote:

> [...]  The list is specifically for people discussing their
> problems, and possibly in a sensitive or vulnerable fashion. [...]

It's for lots of things - but I don't recall anything embarrassing
there, come to think of it.  The funny/sad/embarrassing parts were
people trying to censor mailing list archives of personal folly, and
we haven't had a request for that in some time (whew).  Do you have
another type of example in mind?


- FChE

Re: Overseers list should not be public

[Carlos O'Donell]

On 09/22/2017 08:47 AM, Frank Ch. Eigler wrote:
> Hi -
> 
> 
> On Fri, Sep 22, 2017 at 08:32:33AM -0600, Carlos O'Donell wrote:
> 
>> [...]  The list is specifically for people discussing their
>> problems, and possibly in a sensitive or vulnerable fashion. [...]
> 
> It's for lots of things - but I don't recall anything embarrassing
> there, come to think of it.  The funny/sad/embarrassing parts were
> people trying to censor mailing list archives of personal folly, and
> we haven't had a request for that in some time (whew).  Do you have
> another type of example in mind?

I have no other examples to prove that particular point.

Joseph's other points on this thread are also valid.

It only underscores that it is hard to run a list like overseers
with such varying requirements.

-- 
Cheers,
Carlos.

Re: Overseers list should not be public

[Martin Sebor]

On 09/22/2017 08:39 AM, Joseph Myers wrote:
> On Fri, 22 Sep 2017, Carlos O'Donell wrote:
>
>> All-in-all I consider the public nature of the list to have only
>> negative consequences.
>
> I think it's clearly positive for it to be public.  It means we don't need
> to have a process for defining who from a project gets to be on overseers.
> It means we can readily refer back to past discussions in the archives.
> It means that when there are system problems we can refer to overseers
> discussions of those problems on the mailing lists for individual
> projects, and people who might not otherwise want to be on overseers can
> follow the discussions there while the problems are affecting them.  It
> means people can check the overseers archives to see if a problem they're
> encountering has already been reported.
>
> Note that the overseers archives are disabled from search engine indexing
> via robots.txt.

I also only found out about the list (or public access to it) very
recently.  I remember being surprised by it, mainly because of the
absence of links to its archives or any mention on the Web site of
it being open to subscription that I could find.

Personally I don't see a problem with it being open, but if that's
by design I think it should be documented like all other open lists,
and probably also made searchable.  Doing otherwise implies that
it's not mean to be quite as public as all the others.  (If there's
some other reason for it not being searchable then documenting it
would help dispel that perception.)

Martin

Re: Overseers list should not be public

[Carlos O'Donell]

On 09/22/2017 08:39 AM, Joseph Myers wrote:
> On Fri, 22 Sep 2017, Carlos O'Donell wrote:
> 
>> All-in-all I consider the public nature of the list to have only
>> negative consequences.
> 
> I think it's clearly positive for it to be public.  It means we don't need 
> to have a process for defining who from a project gets to be on overseers.  
> It means we can readily refer back to past discussions in the archives.  
> It means that when there are system problems we can refer to overseers 
> discussions of those problems on the mailing lists for individual 
> projects, and people who might not otherwise want to be on overseers can 
> follow the discussions there while the problems are affecting them.  It 
> means people can check the overseers archives to see if a problem they're 
> encountering has already been reported.

a) Although we lack a formalized processing for getting on overseers, the
   list isn't without an informal vetting process. First you have to realize
   it's a list you can subscribe to, and nothing on https://sourceware.org/lists.html
   says anything about it. Therefore I refute the claims that it's a public
   list with no process for acceptance. It's a public list in name only.
   It is a self-selecting process for getting on overseers which effectively
   makes it private. And the fact that robots.txt doesn't index it furthers
   my claims that it is in theory a list that most people assume is private.

b) I have never referred to an overseers mailing list thread ever because I 
   didn't know it was public, because it's not listed on lists.html. Because
   of that the culture I've seen has been one where I:
   * Email overseers on behalf of my community.
   * Gather consensus from overseers on a solution.
   * Summarize and condense the discussion and repost on the community list.
   Then I reference the community list discussion. Given the limited overseers
   resources this seems like a good way to minimize overloading overseers.
   And if we get the same questions from multiple people we should, as overseers
   keep a sourceware.org "Status" page with live status and just point people at
   that (and I volunteer to help keep that alive as a wiki page with status
   e.g. sourceware.org/wiki/Status with our own wiki with process information
   for how things are handled).

c) I don't have enough data to know if anyone actually does or does not follow
   overseers discussions. I *do* know that people follow my summarized discussions
   on the related community mailing lists.

d) Again, status of overseers should be relegated to a Status wiki page kept live
   by overseers volunteers with green light icons for infrastructure status.

In summary:

- If overseers is public and we see value in it being public, then we should
  do the following:

  (1) List overseers on https://sourceware.org/lists.html
  (2) Allow google to index it so others can receive the benefit of search
      results on it.

- Alternatively if overseers should be made private, to allow people to submit
  sensitive or vulnerable questions, then we should make the list private.

- Regardless of the fact we should have a sourceware.org wiki where a Status
  page gives a live status of the infrastructure. I don't know of anything
  like this (other than the news.html page, not updated since 2005 because
  it's hard to update the html).

-- 
Cheers,
Carlos.

Re: Overseers list should not be public

[Frank Ch. Eigler]

Hi -

>    [...] It's a public list in name only.  It is a self-selecting
>    process for getting on overseers which effectively makes it
>    private. [...]

"public" and "private" is a false dichotomy in this context.
Focus on actual characteristics:

- It is not publicized / well-known.
- Its membership and archives are open. 

It's unusual.

(I agree we could use much better status / infrastructure-related
published data, as a separate topic.)

- FChE

Re: Overseers list should not be public

[Carlos O'Donell]

On 09/22/2017 10:41 AM, Frank Ch. Eigler wrote:
> Hi -
> 
>>    [...] It's a public list in name only.  It is a self-selecting
>>    process for getting on overseers which effectively makes it
>>    private. [...]
> 
> "public" and "private" is a false dichotomy in this context.
> Focus on actual characteristics:
> 
> - It is not publicized / well-known.
> - Its membership and archives are open. 
> 
> It's unusual.
> 
> (I agree we could use much better status / infrastructure-related
> published data, as a separate topic.)

It is germane. Particularly if we are going to outline next steps to
improve our infrastructure. I'm happy to plod along and implement the
next steps, but we need some kind of agreement on those.

Should we commit to an open list as Joseph suggests?

I would see the following as next steps:

* Add overseers to lists.html and describe what the list is for.
* Remove robots.txt entry for overseers mailing list.
* Create a wiki for base sourceware infrastructure.
* Enforce ACL via EditorsGroup to the wiki.
* Add a Status page in the wiki showing sourceware status.
* Update news.html to mention latest breakage.

I can help get these steps accomplished if we think, as a group of
volunteers, that this is a worthwhile endeavour.

-- 
Cheers,
Carlos.

Re: Overseers list should not be public

[Joseph Myers]

On Fri, 22 Sep 2017, Frank Ch. Eigler wrote:

> "public" and "private" is a false dichotomy in this context.
> Focus on actual characteristics:
> 
> - It is not publicized / well-known.
> - Its membership and archives are open. 

And, for a theoretical understanding of such cases where something is 
available to the public but may still have privacy considerations, see 
Helen Nissenbaum's work on privacy as contextual integrity.  In those 
terms, the particular ways in which the list is or is not advertised 
contribute to associated norms of information flow.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: Overseers list should not be public

[Frank Ch. Eigler]

Hi -

> > (I agree we could use much better status / infrastructure-related
> [...]
> I would see the following as next steps:
> 
> * Add overseers to lists.html and describe what the list is for.
> * Remove robots.txt entry for overseers mailing list.

This is a separate matter ...

> * Create a wiki for base sourceware infrastructure.
> * Enforce ACL via EditorsGroup to the wiki.
> * Add a Status page in the wiki showing sourceware status.
> * Update news.html to mention latest breakage.

... from this.  This latter bit has been on our todo list for
some time, but will get to it shortly.


- FChE

Re: Overseers list should not be public

[Florian Weimer]

On 09/22/2017 04:47 PM, Frank Ch. Eigler wrote:
> It's for lots of things - but I don't recall anything embarrassing
> there, come to think of it.  The funny/sad/embarrassing parts were
> people trying to censor mailing list archives of personal folly, and
> we haven't had a request for that in some time (whew).  Do you have
> another type of example in mind?

https://sourceware.org/ml/overseers/2017-q3/msg00071.html

Posting passwords to public lists even if they are temporary is … strange.

Thanks,
Florian

Re: Overseers list should not be public

[Joseph Myers]

[-- Attachment #1: Type: text/plain, Size: 672 bytes --]

On Fri, 22 Sep 2017, Florian Weimer wrote:

> On 09/22/2017 04:47 PM, Frank Ch. Eigler wrote:
> > It's for lots of things - but I don't recall anything embarrassing
> > there, come to think of it.  The funny/sad/embarrassing parts were
> > people trying to censor mailing list archives of personal folly, and
> > we haven't had a request for that in some time (whew).  Do you have
> > another type of example in mind?
> 
> https://sourceware.org/ml/overseers/2017-q3/msg00071.html
> 
> Posting passwords to public lists even if they are temporary is … strange.

I think posting a password here is just an ordinary mistake.

-- 
Joseph S. Myers
joseph@codesourcery.com

Re: Overseers list should not be public

[Carlos O'Donell]

[-- Attachment #1: Type: text/plain, Size: 808 bytes --]

On Sep 22, 2017 11:15, "Florian Weimer" <fweimer@redhat.com> wrote:

On 09/22/2017 04:47 PM, Frank Ch. Eigler wrote:

> It's for lots of things - but I don't recall anything embarrassing
> there, come to think of it.  The funny/sad/embarrassing parts were
> people trying to censor mailing list archives of personal folly, and
> we haven't had a request for that in some time (whew).  Do you have
> another type of example in mind?
>

https://sourceware.org/ml/overseers/2017-q3/msg00071.html

Posting passwords to public lists even if they are temporary is … strange.


It was a mistake. Mainly fighting the cognitive bias of a decade of
thinking this list was private.  That is my problem to solve though.

What is relevant is the discussion of what should be done if anything.

c.

Re: Overseers list should not be public

[Carlos O'Donell]

[-- Attachment #1: Type: text/plain, Size: 754 bytes --]

On Sep 22, 2017 11:14, "Frank Ch. Eigler" <fche@redhat.com> wrote:

Hi -

> > (I agree we could use much better status / infrastructure-related
> [...]
> I would see the following as next steps:
>
> * Add overseers to lists.html and describe what the list is for.
> * Remove robots.txt entry for overseers mailing list.

This is a separate matter ...

> * Create a wiki for base sourceware infrastructure.
> * Enforce ACL via EditorsGroup to the wiki.
> * Add a Status page in the wiki showing sourceware status.
> * Update news.html to mention latest breakage.

... from this.  This latter bit has been on our todo list for
some time, but will get to it shortly.


Can I help with that?

Do you agree with all the bullet points after the first two?

c.

Re: Overseers list should not be public

[Frank Ch. Eigler]

Hi -

On Fri, Sep 22, 2017 at 12:33:56PM -0500, Carlos O'Donell wrote:
> [...]
> This is a separate matter ...
> 
> > * Create a wiki for base sourceware infrastructure.
> [...]
> Can I help with that?
> [...]

Please do!  Finally set up an ikiwiki instance (git-backed,
lightweight) wiki for infrastructure docs.  It's mostly blank!

https://sourceware.org/sourceware-wiki/

Ping me on irc for the "account creation password".

- FChE