Discussion:
having public irc logs?
(too old to reply)
Gianfranco Costamagna
2017-04-06 08:44:20 UTC
Permalink
Hello Mehdi and Chris,



Debian has a "we don't hide things" wording in his constitution.


However we don't have a public irc log system, and most


of the conversations between us are happening there.



How do you relate to that issue? Do you see it as a problem,


or do you think people should join irc to read our conversations?


(channels protected by a passphrase are of course out of this question).


thanks


Gianfranco
Holger Levsen
2017-04-06 09:57:56 UTC
Permalink
Post by Gianfranco Costamagna
Debian has a "we don't hide things" wording in his constitution.
I think you are misremembering. "We dont hide problems and we promise that we
will operate our bug tracking system in public forever". And that's from the
social contract (#3 of it), not the constitution.

Debian never said we would make everything public.
--
cheers,
Holger
Gianfranco Costamagna
2017-04-06 15:17:45 UTC
Permalink
Hello,
Post by Holger Levsen
I think you are misremembering. "We dont hide problems and we promise that we
will operate our bug tracking system in public forever". And that's from the
social contract (#3 of it), not the constitution.
Debian never said we would make everything public.
thanks for the answer, so the question still stands:
can we please have public irc logs? Would you consider such feature?

Ubuntu e.g. is providing a public irclog server online open to everybody.

cheers,

Gianfranco
Clint Adams
2017-04-06 15:39:39 UTC
Permalink
Post by Gianfranco Costamagna
can we please have public irc logs? Would you consider such feature?
I hereby threaten to rank below NoTA any candidate who supports
public irc logs.
Jonathan Dowland
2017-04-12 09:49:33 UTC
Permalink
Post by Clint Adams
I hereby threaten to rank below NoTA any candidate who supports
public irc logs.
BRB, just making some loose leaf tea, so I can read it to get your reasoning.
Or perhaps you wrote it in an IRC channel when I wasn't looking.
--
⢀⣎⠟⠻⢶⣊⠀
⣟⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄⠀⠀⠀⠀ Please do not CC me, I am subscribed to the list.
Joerg Jaspert
2017-04-06 16:03:32 UTC
Permalink
Post by Gianfranco Costamagna
Debian has a "we don't hide things" wording in his constitution.
However we don't have a public irc log system, and most
of the conversations between us are happening there.
How do you relate to that issue? Do you see it as a problem,
or do you think people should join irc to read our conversations?
(channels protected by a passphrase are of course out of this question).
If you follow your way of thinking (which is wrong here, btw :) ), you
end up requiring that every time two Developers meet and speak about
Debian things - they need to transcribe them and put that online
somewhere. Or we hide... Every conversation at DebConf, as soon as it
goes beyond "Want another beer?" needs to be scribbled down and put
online. Or we hide...

Silly?

Yes, but thats what you started. We as a project aren't saying that
everything will be available for everyone everywhere, and thats good.
--
bye, Joerg
Gianfranco Costamagna
2017-04-07 07:51:21 UTC
Permalink
Hello,
Post by Joerg Jaspert
If you follow your way of thinking (which is wrong here, btw :) ), you
end up requiring that every time two Developers meet and speak about
[...]
Post by Joerg Jaspert
Most of our IRC channels are public, and that's how it should be.
However, there's a difference between "anyone can join and follow the
conversation now", and "anyone can read me being in a bad mood and
saying things I'll regret later for all eternity". For one thing, if you
see me being in a bad mood and ranting aloud, you might want to ask
what's going on, and I could realize that I'm misbehaving (as per our
CoC). Not so with public IRC logs.
[...]


your points are clear, but still most of conversations are *useful* to people
not having an irc bouncer
e.g. I think Release Team channel is useful to know if something bad is going on,
also Ftp channel or Buildd one. e.g. I can spot the need of a give back, I can check
the log to see if it has been already requested, and then go in the channel to

request it.

Knowing that a place is logged, should prevent people from grumping (too much) or giving
inappropriate answers.

I see two scenarios:
1) now everybody thinks irc is private and privacy protected, so people are encouraged
to "say what they think without doing it in an appropriate way"
2) irc becomes publicly logged, and people starts behaving more appropriately.

You want to protect privacy but you know privacy doesn't exist on public places.

(it would be nice if some removed developer going away after some bad flame war over Debian would
publish *all* the logs just for fun)
How will you protect the privacy then?

People should be responsible for what they say, regardless where they say.
We are not kids anymore.

This is obviously a general question :)

(most of this might apply to -private mail list, but in this case join rules are clear in advance, while over irc they arent).

thanks for sharing your point of view, it has been appreciated.

Gianfranco
martin f krafft
2017-04-07 08:00:09 UTC
Permalink
Post by Gianfranco Costamagna
your points are clear, but still most of conversations are
*useful* to people not having an irc bouncer
This is getting off-topic, but you could consider using matrix.org
with its IRC bridges. Sign up using e.g. http://riot.im/app and then
join the room #_oftc_#debian-release:matrix.org and you'll be able
to interact through Matrix, which keeps history for you.
--
.''`. martin f. krafft <***@d.o> @martinkrafft
: :' : proud Debian developer
`. `'` http://people.debian.org/~madduck
`- Debian - when you have better things to do than fixing systems

unix, because rebooting is for adding new hardware.
Lars Wirzenius
2017-04-07 11:12:53 UTC
Permalink
(Replies redirected to debian-project, since this has nothing to do
with the DPL election anymore.)
Post by Gianfranco Costamagna
e.g. I think Release Team channel is useful to know if something bad
is going on, also Ftp channel or Buildd one. e.g. I can spot the
need of a give back, I can check the log to see if it has been
already requested, and then go in the channel to request it.
I guestion the usefulness of IRC logs for that kind of thing. The log
shows that, say, a package was discussed three hours ago. Has the
situation changed? It might have, but without anyone mentioning it on
IRC, and therefor in the log. The kinds of things that are discussed
on IRC tend be quickly changing. Logs are not useful for those. In my
opinion and experience.
Post by Gianfranco Costamagna
1) now everybody thinks irc is private and privacy protected, so
people are encouraged to "say what they think without doing it in an
appropriate way"
2) irc becomes publicly logged, and people starts behaving more appropriately.
This does not match my observations of reality. People seem happy to
behave quite badly using their own names in public fora as it is.
Making IRC channels public is unlikely to have much effect on
behaviour.

If it did, nobody would be an ass on Facebook, Google+, or Twitter
unless they've taken care to hide their identity well. Yet people are
posting, using their real names, sexist and racist slurs, even death
threats. Not to mention newspapers and TV.

If there's a problem with how people behave on IRC, that should be
addressed directly.
Post by Gianfranco Costamagna
You want to protect privacy but you know privacy doesn't exist on public places.
I disgree strongly.

If I sit on a park bench with a friend and we discuss something, we
have an expectation of privacy. If you record our conversation and
play it on the radio, you've violated our privacy.
Post by Gianfranco Costamagna
(it would be nice if some removed developer going away after some
bad flame war over Debian would publish *all* the logs just for fun)
How will you protect the privacy then?
You're suggesting that someone publish non-public discussions? Becuase
it would be fun? Seriously?
Post by Gianfranco Costamagna
People should be responsible for what they say, regardless where
they say. We are not kids anymore.
I'll be sending a handyman to install a webcam and microphone in your
bathroom and bedroom. I've also engaged a private investigator firm to
follow you and record all discussions you have with friends. The ones
that mention or refer to Debian will be posted to
meetings-archive.debian.net. A team of volunteers will transcribe them
and post them to identi.ca. After all, ýou need to be responsible for
anything you say, at any time, in any place, in any context.

More constructively... if you have a point that specific disucssions
about, say, release management should be made more public, then make a
specific suggestion about that, with justificiations why it's a good
idea. Saying that all Debian IRC channels should be logged publically
is too broad to be acceptable to a large number of people.
--
I want to build worthwhile things that might last. --joeyh
Gianfranco Costamagna
2017-04-07 14:21:10 UTC
Permalink
(this question was on debian-vote by purpose, and was directed to DPL,
I'll drop -vote on the next email)
Post by Lars Wirzenius
(Replies redirected to debian-project, since this has nothing to do
with the DPL election anymore.)
sigh, I agree
(I would have used -devel to have a public discussion, this wasn't
the case, but meh, it is nice to discuss such things anyway)
Post by Lars Wirzenius
I guestion the usefulness of IRC logs for that kind of thing. The log
shows that, say, a package was discussed three hours ago. Has the
situation changed? It might have, but without anyone mentioning it on
IRC, and therefor in the log. The kinds of things that are discussed
on IRC tend be quickly changing. Logs are not useful for those. In my
opinion and experience.
I had many times written something just some minutes after somebody else.
You might question it, I might agree with you, but in my life I have a lot
of use-cases of this being useful
(e.g. my uploads not being accepted, a quick look on -ftp channel logs
can show signs of dak sadness).

But anyway, I don't see any added value of discussing what I find useful
and what you find useful :)
Post by Lars Wirzenius
This does not match my observations of reality. People seem happy to
behave quite badly using their own names in public fora as it is.
Making IRC channels public is unlikely to have much effect on
behaviour.
completely correct, this was an answer to some "hey we can't public
logs because people are using bad words here".
Post by Lars Wirzenius
If it did, nobody would be an ass on Facebook, Google+, or Twitter
unless they've taken care to hide their identity well. Yet people are
posting, using their real names, sexist and racist slurs, even death
threats. Not to mention newspapers and TV.
sigh, true, unfortunately nobody seems responsible anymore for
his behaviour.
Post by Lars Wirzenius
If there's a problem with how people behave on IRC, that should be
addressed directly.
sure, but this is not something I have to discuss, I don't have such
problem, I just think logs are useful :)
Post by Lars Wirzenius
Post by Gianfranco Costamagna
You want to protect privacy but you know privacy doesn't exist on public places.
I disgree strongly.
If I sit on a park bench with a friend and we discuss something, we
have an expectation of privacy. If you record our conversation and
play it on the radio, you've violated our privacy.
true
Post by Lars Wirzenius
Post by Gianfranco Costamagna
(it would be nice if some removed developer going away after some
bad flame war over Debian would publish *all* the logs just for fun)
How will you protect the privacy then?
You're suggesting that someone publish non-public discussions? Becuase
it would be fun? Seriously?
I didn't suggest that, but privacy online is seriously something that
*doesn't* exist, and people not understanding that are simply wrong.
you can have some false idea of privacy online, the website gets
hacked, or a bug shows logs on the server, or somebody else hacks
your pc.
In a park the damage you can do is limited, online is really worse the situation

(I remember some leaks of some websites for adults, leaking real email addresses
and real passwords)


so, saying "somebody violating my privacy is wrong", when "somebody" can be "null" or
"really difficult to track because vpn/tor", doesn't protect you much more.
Post by Lars Wirzenius
Post by Gianfranco Costamagna
People should be responsible for what they say, regardless where
they say. We are not kids anymore.
I'll be sending a handyman to install a webcam and microphone in your
bathroom and bedroom. I've also engaged a private investigator firm to
follow you and record all discussions you have with friends. The ones
that mention or refer to Debian will be posted to
meetings-archive.debian.net. A team of volunteers will transcribe them
and post them to identi.ca. After all, ýou need to be responsible for
anything you say, at any time, in any place, in any context.
well, bathroom and bedroom are more private than irc I would say, but
sometimes even the context has to be considered when saying something
Post by Lars Wirzenius
More constructively... if you have a point that specific disucssions
about, say, release management should be made more public, then make a
specific suggestion about that, with justificiations why it's a good
idea. Saying that all Debian IRC channels should be logged publically
is too broad to be acceptable to a large number of people.
And finally the point is there.
If you look closely to my first email I never said "all", and specially
I don't care about many channels (even -devel or -mentors might be useless
when not connected to the internet).
I even provided a list, -release, -ftp, -buildd.

so, the question still stands.
Dear DPL candidate, how do you feel about having *some* irc channels of public
interest being available for offline users?

Gianfranco
Mehdi Dogguy
2017-04-08 07:51:27 UTC
Permalink
Post by Gianfranco Costamagna
(this question was on debian-vote by purpose, and was directed to DPL,
I'll drop -vote on the next email)
Post by Lars Wirzenius
(Replies redirected to debian-project, since this has nothing to do
with the DPL election anymore.)
sigh, I agree
(I would have used -devel to have a public discussion, this wasn't
the case, but meh, it is nice to discuss such things anyway)
Post by Lars Wirzenius
I guestion the usefulness of IRC logs for that kind of thing. The log
shows that, say, a package was discussed three hours ago. Has the
situation changed? It might have, but without anyone mentioning it on
IRC, and therefor in the log. The kinds of things that are discussed
on IRC tend be quickly changing. Logs are not useful for those. In my
opinion and experience.
I had many times written something just some minutes after somebody else.
You might question it, I might agree with you, but in my life I have a lot
of use-cases of this being useful
(e.g. my uploads not being accepted, a quick look on -ftp channel logs
can show signs of dak sadness).
But anyway, I don't see any added value of discussing what I find useful
and what you find useful :)
Post by Lars Wirzenius
This does not match my observations of reality. People seem happy to
behave quite badly using their own names in public fora as it is.
Making IRC channels public is unlikely to have much effect on
behaviour.
completely correct, this was an answer to some "hey we can't public
logs because people are using bad words here".
Post by Lars Wirzenius
If it did, nobody would be an ass on Facebook, Google+, or Twitter
unless they've taken care to hide their identity well. Yet people are
posting, using their real names, sexist and racist slurs, even death
threats. Not to mention newspapers and TV.
sigh, true, unfortunately nobody seems responsible anymore for
his behaviour.
Post by Lars Wirzenius
If there's a problem with how people behave on IRC, that should be
addressed directly.
sure, but this is not something I have to discuss, I don't have such
problem, I just think logs are useful :)
Post by Lars Wirzenius
Post by Gianfranco Costamagna
You want to protect privacy but you know privacy doesn't exist on public places.
I disgree strongly.
If I sit on a park bench with a friend and we discuss something, we
have an expectation of privacy. If you record our conversation and
play it on the radio, you've violated our privacy.
true
Post by Lars Wirzenius
Post by Gianfranco Costamagna
(it would be nice if some removed developer going away after some
bad flame war over Debian would publish *all* the logs just for fun)
How will you protect the privacy then?
You're suggesting that someone publish non-public discussions? Becuase
it would be fun? Seriously?
I didn't suggest that, but privacy online is seriously something that
*doesn't* exist, and people not understanding that are simply wrong.
you can have some false idea of privacy online, the website gets
hacked, or a bug shows logs on the server, or somebody else hacks
your pc.
In a park the damage you can do is limited, online is really worse the situation
(I remember some leaks of some websites for adults, leaking real email addresses
and real passwords)
so, saying "somebody violating my privacy is wrong", when "somebody" can be "null" or
"really difficult to track because vpn/tor", doesn't protect you much more.
Post by Lars Wirzenius
Post by Gianfranco Costamagna
People should be responsible for what they say, regardless where
they say. We are not kids anymore.
I'll be sending a handyman to install a webcam and microphone in your
bathroom and bedroom. I've also engaged a private investigator firm to
follow you and record all discussions you have with friends. The ones
that mention or refer to Debian will be posted to
meetings-archive.debian.net. A team of volunteers will transcribe them
and post them to identi.ca. After all, ýou need to be responsible for
anything you say, at any time, in any place, in any context.
well, bathroom and bedroom are more private than irc I would say, but
sometimes even the context has to be considered when saying something
Post by Lars Wirzenius
More constructively... if you have a point that specific disucssions
about, say, release management should be made more public, then make a
specific suggestion about that, with justificiations why it's a good
idea. Saying that all Debian IRC channels should be logged publically
is too broad to be acceptable to a large number of people.
And finally the point is there.
If you look closely to my first email I never said "all", and specially
I don't care about many channels (even -devel or -mentors might be useless
when not connected to the internet).
I even provided a list, -release, -ftp, -buildd.
so, the question still stands.
Dear DPL candidate, how do you feel about having *some* irc channels of public
interest being available for offline users?
I feel bad about that. As explained elsewhere, it is not the spirit of
usage of IRC, at least in Debian. But ultimately, I think it is a project
decision if (for example) we want to make a #debian-recorded channel but
I would not support it, personally.

There are simple technical measures that you could personally put in place
to follow some channels.
--
Mehdi
Paul Wise
2017-04-08 07:56:09 UTC
Permalink
having *some* irc channels of public interest being available for offline users?
FYI, #debian on both OFTC and freenode are publicly logged:

http://ibot.rikers.org/%23debian/
http://irclogs.thegrebs.com/debian/
--
bye,
pabs

https://wiki.debian.org/PaulWise
Wouter Verhelst
2017-04-06 18:45:53 UTC
Permalink
Post by Gianfranco Costamagna
Hello Mehdi and Chris,
Debian has a "we don't hide things" wording in his constitution.
However we don't have a public irc log system, and most
of the conversations between us are happening there.
How do you relate to that issue? Do you see it as a problem,
or do you think people should join irc to read our conversations?
(channels protected by a passphrase are of course out of this question).
Please no.

Most of our IRC channels are public, and that's how it should be.
However, there's a difference between "anyone can join and follow the
conversation now", and "anyone can read me being in a bad mood and
saying things I'll regret later for all eternity". For one thing, if you
see me being in a bad mood and ranting aloud, you might want to ask
what's going on, and I could realize that I'm misbehaving (as per our
CoC). Not so with public IRC logs.

We do have meetbot, whichi is useful for meetings. Some of us (me
included) do keep their IRC client running "always"[1], and keep
private logs pretty much forever. I have been known to sometimes quote
from that IRC log publicly[2]. There is a world of difference between
doing that and making *all* our IRC conversations public, however.

Transparency is a good thing, but so is privacy.

[1] Servers do get rebooted, and sometimes you forget to restart the
clint. That's a detail, obviously.
[2] See my .sig ;-)
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
Chris Lamb
2017-04-08 05:51:43 UTC
Permalink
Dear Gianfranco,

Apologies for the delay in getting back to you.
we don't have a public irc log system, and most of the
conversations between us are happening there.
Personally, I wouldn't say "most conversations" here, but I am
trying to avoid this conversation becoming a debate on the minutiæ…

I would concede that that there are some advantages to having public
IRC logging, but I don't see anywhere near enough advantage to warrant
the Leader pushing it as a policy, as well as many disadvantages and,
naturally, an extremely high switching cost.

This is despite me veing very much in favour of asking questions in
public — which admittedly isn't exactly same as logging — even going
so far as to write a blog post about it:

https://chris-lamb.co.uk/posts/dont-ask-your-questions-in-private

Did you have specific types of conversations in mind when you addressed
your question? Perhaps ensuring those become transparent in another way
would assuage your concerns.


Regards,
--
,''`.
: :' : Chris Lamb
`. `'` ***@debian.org / chris-lamb.co.uk
`-
Gianfranco Costamagna
2017-04-08 10:15:51 UTC
Permalink
Hello Chris!
Post by Chris Lamb
Apologies for the delay in getting back to you.
lol, apologies not accepted :p
The new queue is nearly empty, so thanks to all of you ftpmasters!
Post by Chris Lamb
Personally, I wouldn't say "most conversations" here, but I am
trying to avoid this conversation becoming a debate on the minutiæ…
yeah, I might have written something like
"a lot of useful conversations" :)
Post by Chris Lamb
I would concede that that there are some advantages to having public
IRC logging, but I don't see anywhere near enough advantage to warrant
the Leader pushing it as a policy, as well as many disadvantages and,
naturally, an extremely high switching cost.
this is a valid point, thanks
Post by Chris Lamb
This is despite me veing very much in favour of asking questions in
public — which admittedly isn't exactly same as logging — even going
https://chris-lamb.co.uk/posts/dont-ask-your-questions-in-private
nice reading, thanks for sharing it!
Post by Chris Lamb
Did you have specific types of conversations in mind when you addressed>your question? Perhaps ensuring those become transparent in another way
would assuage your concerns.
As said, a lot of times I have to read #-ftp #-buildd #-logs and maybe #-devel-changes
(or whatever is called).

e.g. bugs on #-devel-changes are useful to have a track of new bugs, new unblock requests
(during freeze times), or just to know which packages have interest in the community.

#-ftp is a nice place to know how dak is happy (and yeah, probably such logs are useful in
a context of some hours after somebody wrote that stuff)
same for #-buildd, to know chroot issues, or toolchain related sadness (e.g. all the recent
binutils failures on mips/powerpc)

#-release... well it is our main goal to release, so reading conversations there is a must for us :p

(also, I can know how fast I have to fix RC bugs, or see opinions by our RT team on various
topics).

thanks

Gianfranco
Chris Lamb
2017-04-09 08:43:21 UTC
Permalink
Gianfranco,
Post by Gianfranco Costamagna
Post by Chris Lamb
Did you have specific types of conversations in mind when you
addressed your question? Perhaps ensuring those become transparent
in another way would assuage your concerns.
As said, a lot of times I have to read #-ftp #-buildd #-logs and
maybe #-devel-changes (or whatever is called).
It would seem to me that there are many other ways of being appraised of
the current status of these services that do not require the channels to
be publically logged.


Regards,
--
,''`.
: :' : Chris Lamb
`. `'` ***@debian.org / chris-lamb.co.uk
`-
Mehdi Dogguy
2017-04-08 07:47:38 UTC
Permalink
Post by Gianfranco Costamagna
Hello Mehdi and Chris,
Debian has a "we don't hide things" wording in his constitution.
However we don't have a public irc log system, and most
of the conversations between us are happening there.
How do you relate to that issue? Do you see it as a problem,
or do you think people should join irc to read our conversations?
(channels protected by a passphrase are of course out of this question).
To be honest, I also wondered why IRC channels were not logged when I
started contributing to Debian. Later, I understood that people used
IRC to communicate like they would do in real life. As such, we will
not try to record every conversation held between two contributors.

I understand it is not easy to follow IRC channels. Many things are
said out there. Many of what is said there can be found on mailing
lists as well. You may install a permanent IRC client that would
record some targeted IRC channels' activity, as pointed out by martin.

I also agree what others have said in this thread.
--
Mehdi
Gunnar Wolf
2017-04-09 05:16:13 UTC
Permalink
Post by Mehdi Dogguy
To be honest, I also wondered why IRC channels were not logged when I
started contributing to Debian. Later, I understood that people used
IRC to communicate like they would do in real life. As such, we will
not try to record every conversation held between two contributors.
I'm surprised nobody has said so far something along the following
lines, which I feel to be quite obvious.

Our goals by archiving our communications via mailing lists is not
"just" to prove everything we do is done in public. A mailing list
message is usually a self-sustaining piece of information, even as a
part of a conversation. They are easy to situate, and our usual
practices (i.e. inline quoting, preserving threading, the way we
handle Cc and Reply-to, etc.) help make each bit of information
meaningful and indexable.

IRC is just a shouting room. OK, sometimes it's way quieter, but each
channel just a stream of messages that hold very little "state" - If
you try to reconstruct what was said in an IRC conversation, if
anything, you will have the destinatary of some lines (as we hold the
convention of starting a line with <nickname><colon>).

IRC is great for live communication, but is a very very lousy
referential or citational material. Of course, that's one of the main
drivers behind bots such as Meetbot, which organizes what is said
during a specific interval by adding topicality and salient points. Of
course, Meetbot logs are publicly accessible.
Gianfranco Costamagna
2017-04-08 10:32:23 UTC
Permalink
Hello Mehdi
Post by Mehdi Dogguy
To be honest, I also wondered why IRC channels were not logged when I
started contributing to Debian. Later, I understood that people used
IRC to communicate like they would do in real life. As such, we will
not try to record every conversation held between two contributors.
ok
Post by Mehdi Dogguy
I understand it is not easy to follow IRC channels. Many things are
said out there. Many of what is said there can be found on mailing
lists as well. You may install a permanent IRC client that would
record some targeted IRC channels' activity, as pointed out by martin.
the problem is not having access to the logs, the problem is having a
"common/shared way of doing it"
It would be mostly fine even to just have a password protected irc log
server, only accessible to DDs.
Post by Mehdi Dogguy
I feel bad about that. As explained elsewhere, it is not the spirit of
usage of IRC, at least in Debian. But ultimately, I think it is a project
decision if (for example) we want to make a #debian-recorded channel but
I would not support it, personally.
no need to feel bad, I'm sharing my opinion, and useful stuff is already
said in public mail lists, it is just a matter of my personal comfort :)
Post by Mehdi Dogguy
There are simple technical measures that you could personally put in place
to follow some channels.
Yes sure, just I have some bad feeling about doing so.
I can put a server in place, what would happen if the server gets hacked and
conversations put out there?
How can I prevent a server running 24/7 from being super secured when opened
with an online access?

lots of people are already logging irc conversations, the probability of leaks
increase with the number of people doing that.
Security might also mean to have a single point of sharing knowledge, not a lot
of them.

Anyhow, I'll probably put an irc bouncer in place in the near future, even if I don't
think this is something nice to do.


thanks for sharing your opinion, appreciate it,


G.
Mehdi Dogguy
2017-04-08 11:52:31 UTC
Permalink
Post by Gianfranco Costamagna
the problem is not having access to the logs, the problem is having a
"common/shared way of doing it" It would be mostly fine even to just have a
password protected irc log server, only accessible to DDs.
It is not totally the same though. IRC lists people in channels. Most of the
users are not bots. So it is fine people record channel's activity as long as
they are listed as present in channels. It tells us who is able to read channels
conversations. People not there cannot. Putting logs on a servers (even
password protected) changes this logic. Putting an IRC logger is really fine
as long as you keep logs for you exclusive personal use.

Also, putting logs on a server contradicts your point below. Why would
Debian servers be less subject to cyber attacks than yours? Thinking about
it, it is even the contrary, IMO.
Post by Gianfranco Costamagna
[…]
Post by Mehdi Dogguy
There are simple technical measures that you could personally put in place
to follow some channels.
Yes sure, just I have some bad feeling about doing so. I can put a server in
place, what would happen if the server gets hacked and conversations put out
there? How can I prevent a server running 24/7 from being super secured when
opened with an online access?
Same could happen with your personal machine. The problem is not specific
to remote servers connected to internet. Also, as said above, same could
happen with an official Debian server.
Post by Gianfranco Costamagna
lots of people are already logging irc conversations, the probability of
leaks increase with the number of people doing that. Security might also mean
to have a single point of sharing knowledge, not a lot of them.
The issue at hand is not technical, really. We only assess that logs belong
to anyone present in the channel. It is personal, and not a common property.
If you want to follow the discussion, you can join the channel. At least,
that's how I understand it.

Also, one may argue that discussions happening at DebConf are even more
important than the few conversations we have on IRC. Yet, we do not record
conversations happening outside talk/BoF rooms.
--
Mehdi
Gianfranco Costamagna
2017-04-10 06:33:06 UTC
Permalink
Hello Mehdi
Post by Mehdi Dogguy
Also, putting logs on a server contradicts your point below. Why would
Debian servers be less subject to cyber attacks than yours? Thinking about
it, it is even the contrary, IMO.
Same could happen with your personal machine. The problem is not specific
to remote servers connected to internet. Also, as said above, same could
happen with an official Debian server.
The problem is not Debian vs me, but Debian vs a lot of people keeping logs
on their personal laptops + some servers around the world.

Having a single centralized log server (maybe password protected), will make
mostly useless for people keeping logs on their server/private pc, increasing
the overall security.
Security is not higher in case of N point of failures, specially because an attacker
would try to attack the weak link, not the most secured one

But probably such attacker wouldn't risk too much for such "useless for most" data.
(as said many times, this is a matter of convenience, not a real need)

G.
Wouter Verhelst
2017-04-10 07:23:48 UTC
Permalink
Post by Gianfranco Costamagna
The problem is not Debian vs me, but Debian vs a lot of people keeping
logs on their personal laptops + some servers around the world.
If you think that creating a central IRC log service will make people
stop logging Debian channels, you need to think again.

Many people don't keep logs as a personal choice, but because the
default in many (most?) IRC clients is to enable logging. If you want
that to change, you'll have to get all IRC clients in Debian to switch
that off, which I think is unlikely to happen.

Additionally, many of us don't log "just" Debian channels; instead, they
log all their channels. For me, that includes stuff like a few upstreams
who do lots of stuff on IRC, and FOSDEM channels. Creating a Debian IRC
logging service will not make those go away. Since it's easier to enable
logging as a global switch in many clients (indeed, I wouldn't be
surprised to learn that in most cases it's the only option), people will
still want to log Debian channels.

And that's even ignoring the fact that "leaking things from IRC" is not,
in my opinion, a viable threat that we should protect against.

Although I don't agree with it, I can understand the argument "we might
want to have a public IRC logging service to make things easier for
people". I do not, however, buy the argument "we need a central IRC
logging service for security". It makes no sense.
--
< ron> I mean, the main *practical* problem with C++, is there's like a dozen
people in the world who think they really understand all of its rules,
and pretty much all of them are just lying to themselves too.
-- #debian-devel, OFTC, 2016-02-12
Loading...