[HCoop-Discuss] Openness of mailing lists

Aaron Hsu arcfide at sacrificumdeo.net
Sat Apr 28 19:38:18 EDT 2007 

On Sat, 28 Apr 2007 18:30:55 -0500, Nathan Kennedy <ntk at hcoop.net> wrote:

> Aaron Hsu wrote:
>> I strongly believe that all the lists should be public. First, such
>> openness should help to demand a level of responsibility and public
>> accountability on the part of the authors and contributors to that  
>> list. I
>> strongly believe in an open policy to security vulnerabilities, and in
>> fixing them post haste.
> I was one who said that hcoop-sysadmin should be private, in that we
> should have at least one members-only mailing list.  I'm not worried
> about embarrassment or privacy issues.  I am worried about jeopardizing
> HCoop's security and stability.  Right now there is no forum for the
> admins (or other members) to discuss issues without exposing this to the
> entire internet.  Both of these have nothing to do with the content of
> the messages ultimately becoming public, but with them being public in
> realtime.
>
> This creates major problems:
> 1. Hackers trawling the web may be able to exploit security issues being
> discussed on -sysadmin faster than we can fix them.  Remember we are
> talking about a live system that our members depend on for hosting their
> sites and handling their email, not new exploits in the abstract.
> 2. Somewhat less important but still an issue, our strategy for
> negotiating with businesses also may not be something that we want to be
> public before it is finalized.  Whether it's negotiating over contracts
> or deciding how to respond to, putting every word out there as it is
> said puts us at a disadvantage and potentially creates the possibility
> of retaliation.
>
> Ultimately, I don't care if it's hcoop-sysadmin or a new list, but I
> think it is important that we have a semi-private way for members to
> communicate.  For important issues this has already been happening with
> email CC's, and it will always continue to happen as long as we have no
> private mailing list.  At least with a private mailing list a record of
> the emails is kept and available to members, which is not the case with
> private emails.  We already have a consensus that we want to keep
> hcoop-discuss open and keep most list traffic in general open to the
> public.  By moving some private emails onto a semiprivate members-only
> list, we may end up bringing more member communication to light.

Hrm, you make a good point. Assuming the above things, then it might make  
sense to make SYSADMIN completely members only. I won't object any more  
than I have.

-- 
Aaron Hsu <arcfide at sacrificumdeo.net>
http://www.aaronhsu.com | XMPP/Gtalk: arcfide at xmpp.us
(703) 597-7656 | "No one could make a greater mistake than he who did  
nothing because he could do only a little." - Edmund Burke

More information about the HCoop-Discuss mailing list