Re: follow-up to report 22

[David Kastrup]

Graham Percival <address@hidden> writes:

> ------ from my comment 3
> Before discussing anything specific, I want to settle the abstract
> question "should an OSS project have any kind of private mailing
> list?".  You have two options:
>
> 1) Give an argument why they should not.  In particular, explain
> why Kurt Fogel is wrong.  Explain how we should discuss giving
> people git access in a public, archived forum.  Explain how we can
> safely discuss unpatched security flaws in public.
>
> 2) Agree that an OSS project can, in theory, have a private
> mailing list.

Unpatched security flaws affect a small circle of people when we are
talking about server security, and a possibly large circle when we are
talking about application security.

Commit access affects a different small circle of people.  If somebody
uses Savannah to ask for commit access for CVS-based projects, a mail
will be sent to all people with project administrator status.  A similar
setting would seem to apply for git access.

Both scenarios involve a clearly-defined set of principally responsible
people, defined by technical necessities rather than a fuzzy "people
we(tm) feel good about" criterion.

I am not particularly emotionally affected, merely trying to explain why
others might feel more strongly about this.

-- 
David Kastrup