[HCoop-Discuss] Openness of mailing lists

Nathan Kennedy ntk at hcoop.net
Sat Apr 28 19:30:55 EDT 2007 

Aaron Hsu wrote:
> I strongly believe that all the lists should be public. First, such  
> openness should help to demand a level of responsibility and public  
> accountability on the part of the authors and contributors to that list. I  
> strongly believe in an open policy to security vulnerabilities, and in  
> fixing them post haste.
I was one who said that hcoop-sysadmin should be private, in that we 
should have at least one members-only mailing list.  I'm not worried 
about embarrassment or privacy issues.  I am worried about jeopardizing 
HCoop's security and stability.  Right now there is no forum for the 
admins (or other members) to discuss issues without exposing this to the 
entire internet.  Both of these have nothing to do with the content of 
the messages ultimately becoming public, but with them being public in 
realtime.

This creates major problems:
1. Hackers trawling the web may be able to exploit security issues being 
discussed on -sysadmin faster than we can fix them.  Remember we are 
talking about a live system that our members depend on for hosting their 
sites and handling their email, not new exploits in the abstract.
2. Somewhat less important but still an issue, our strategy for 
negotiating with businesses also may not be something that we want to be 
public before it is finalized.  Whether it's negotiating over contracts 
or deciding how to respond to, putting every word out there as it is 
said puts us at a disadvantage and potentially creates the possibility 
of retaliation.

Ultimately, I don't care if it's hcoop-sysadmin or a new list, but I 
think it is important that we have a semi-private way for members to 
communicate.  For important issues this has already been happening with 
email CC's, and it will always continue to happen as long as we have no 
private mailing list.  At least with a private mailing list a record of 
the emails is kept and available to members, which is not the case with 
private emails.  We already have a consensus that we want to keep 
hcoop-discuss open and keep most list traffic in general open to the 
public.  By moving some private emails onto a semiprivate members-only 
list, we may end up bringing more member communication to light.

-ntk

More information about the HCoop-Discuss mailing list