Re: [openstack-dev] [Glance] IRC logging

[Flavio Percoco]

On 13/01/15 08:27 -0500, Sean Dague wrote:

On 01/13/2015 08:01 AM, Thierry Carrez wrote:

Kuvaja, Erno wrote:

[...]
1) One does not need to express themselves in a way that is for public. ( 
Misunderstandings can be corrected on the fly if needed. ) There is no need to 
explain to anyone reading the logs what you actually meant during the 
conversation month ago.
2) there is level of confidentiality within that defined audience. ( For 
example someone not familiar with the processes thinks they have found security 
vulnerability and comes to the IRC-channel to ask second opinion. Those details 
are not public and that bug can still be raised and dealt properly. Once the 
discussion is logged and the logs are publicly available the details are 
publicly available as well. )
3) That defined audience does not usually limit content. I have no problem to 
throw my e-mail address, phone number etc. into the channel, I would not yell 
them out publicly.
[...]

All 3 arguments point to issues you have with *public* channels, not
*logged* channels.

Our IRC channels are, in effect, already public. Anyone can join them,
anyone can log them. An embargoed vulnerability discussed on an IRC
channel (logged or not) should be considered leaked. I agree that
logging makes it easier for random people to access that already-public
information, but you can't consider an IRC channel private (and change
your communication style or content) because it's not logged by eavesdrop.

What you seem to be after is a private, invitation-only IRC channel.
That's an orthogonal issue to the concept of logging.

Honestly, I do think it's probably worth having an OpenStack wide bit of
guidance here, especially now that every project has felt the need to
spin up their own channel instead of using #openstack-dev (which is
currently mostly void of content).

Not having these logs means we often are missing important parts of
historical context when decisions are made, because a lot more design is
happening in unarchived formats than archived ones.

+2A

As mentioned in my last email, I think this is worth doing and asking
for. It will also avoid this kinds of discussions and it'll also make
clear the status of our IRC channels.

For example, people with concerns like Erno's would know in advance
that all openstack related IRC channels are logged.

Not sure how/when this can be asked/enforced but it'd avoid this kind
of discussions, at least.

Flavio

        -Sean

--
Sean Dague
http://dague.net

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev

--
@flaper87
Flavio Percoco

pgpQWSgWiNTyI.pgp
Description: PGP signature

__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev