Re: [Libcdio-devel] Rock Ridge and libisofs/xorriso 'AL' extension

[Pete Batard]

On 2017.07.25 17:44, Thomas Schmitt wrote:
> Is there a way to approach moderators in advance ?

I would think there is, but I haven't gone through that exercise myself 
(the interactions I've had were in reply to an edit, or through the user 
page, which each Wikipedia contributor gets).

I expect the means to contact moderators can be found on Wikipedia. The 
other thing you may do is create a new topic on the Talk page that is 
associated with each Wikipedia entry (in this case 
https://en.wikipedia.org/wiki/Talk:Rock_Ridge) mentioning your 
request... and wait until someone picks it up.

> I could submit a plan
> how to restructure the Rock Ridge article and disclose my conflicts of
> interest.

If it were up to me, I would go at it this way:

1. On the talk page, mention the intention to edit the page, as well as 
the potential conflict of interest, and leave sufficient time (e.g. 1 
month) for someone to comment or object.

2. If noone opposes the plan from the Talk page, got for the edit(s), 
while making sure that on the reason for editing, you indicate your 
affiliation/possible conflict of interest.

3. If a Wikipedia moderator then engages with you post-edit, point them 
to the very explicit steps you have taken above, as well as the fact 
that this is obviously a technical subject, where bias is much easier 
for other contributors to spot and correct, than what is the case with 
"soft" subjects.

But then again, I'd suggest you try to engage with a moderator if you 
can. My experience, which was only with a very limited number of 
moderators (and a limited number of edits), leads me to think that such 
an approach is unlikely to lead to major recrimination, but of course, I 
can't speak for what the Wikipedia staff sees as the right way to go.


> > I can try to get back to the Kali maintainers on that, but I'm not
> > sure how much they're gonna like being asked about this for the 3rd time in
> > a row...
>
> Is that conversation public ?

Sure is: https://bugs.kali.org/view.php?id=4109

If you register an account, you should be able to comment, as the issue 
has not yet been closed. Haven't asked them about the command line yet 
since I decided to bite the bullet and install Kali to see it for myself 
(before finding out, about 1 hour ago, that the live ISO generation I 
started had failed on account of the 20GB virtual disk I was using being 
to small to extract all the packages. But at least, the live creation 
process doesn't require a lot of involvement besides waiting...)

> Funnily i am just today busy with explaining to an ISOLINUX user why
> i decided against publishing the xorrisofs options without explicit
> consent by the user.
> The Debian based genisoimage developers decided for the same, independently.

I can see your point, though personally, I like openness a lot better. 
It's not like we're going to be dealing with a private keys or passwords 
here (or is there encryption that can be involved during ISO generation 
with xorriso?), and when there's a lot of incentive for reproducible 
builds these days, I don't really like the idea of security through 
(semi) obscurity.

IMO, better leave the people who don't want the benefit of openness, yet 
chose to use an Open Source tool, fork their own version that hides the 
command line options if that is their wish... Plus, a lot of these ISOs 
are going to be used for boot, where you certainly want to make sure 
nothing funky has been going on during the media creation process.

> Very firmly, with my GNU xorriso maintainer hat on: Not by default.
>
> I dimly remember to have read statements by FSF that we do not rat out
> our users.

I still fail to see what kind of private information there is to rat 
out, especially in options that may be critical to determine if a boot 
ISO, one has been downloading off the Internet, is trying to do 
something dodgy.

Personal information dissemination must certainly be opt-in. But the way 
I understand it, this is not user information we're dealing with here... 
Or does xorriso include options that you think could be used to 
individually identify a user (e.g. IP, uid/gid, etc.)?

> > I'm not sure there's much to find in live-build-config.
> > http://files.akeo.ie/live-build-config/
>
> Hrmpf, nothing to see of mkisofs options or a xorriso run.

Yeah. I'm still going to try to complete a live Kali build, and post the 
default ISO generation command line when I get it, but I need to resize 
my disk first, which probably won't happen before tomorrow.
Regards,

/Pete