I'm one of the small minority of people who have a very negative
opinion about gmail.  I realise I'm a bit of a kook on this subject
and I'd ideally I'd like to avoid having an enormous flamewar about
it.

However, it has come to my attention that at least one developer
appears to be reading debian-private at their gmail account.

I think that this is a violation of the privacy rules surrounding the
debian-private list.  Google should not get a copy of debian-private,
even if the only current output is aggregate keyword hit reports
(ie ad presentation rate data).

Note that this applies to _any_ email provider with similar privacy
and processing concerns.  I have no idea whether other webmail
providers' privacy practices are (nowadays) as bad from my personal
point of view, or as conflicting with the debian-private policy, as
Gmail's.

But it seems clear that Gmail's processing isn't compatible with
debian-private.

A Debian developer should cause debian-private to be processed only as
is necessary for providing developers with good and convenient access
to the mailing list.  They should not cause debian-private to be
distributed to computers whose owners and operators cannot be expected
to refrain from processing the content in other ways.

Ian.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]

Ian Jackson wrote:

[snip]

> But it seems clear that Gmail's processing isn't compatible with
> debian-private.
>
> A Debian developer should cause debian-private to be processed only as
> is necessary for providing developers with good and convenient access
> to the mailing list.  They should not cause debian-private to be
> distributed to computers whose owners and operators cannot be expected
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^^^
> to refrain from processing the content in other ways.
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
^^^^^^^^^^^^^

I'm not one of the people you are accusing, but I have to comment.  The
phrase I underline above applies to *any* computer that is not under
direct control of the Debian developer.  If you are sufficiently
paranoid, you could argue that any ISP might be subpoenaed at any time
for the contents of someone's mailbox, some rogue admin of the ISP might
decide to read customers' email, or even that someone might be sniffing
SMTP traffic on the net.

Taken to extremes, this implies that (1) DD's should only receive mail
sent to boxes under their own control and (2) all mail passing through
debian-private should, for each subscriber to the list, be encrypted
individually to the public key on file for her/him.

Come to think of it, (2) isn't a bad idea.  Is it feasible for this to
be done transparently?  Mailing list admins, any comments?

regards,

--
Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG: public key ID 4F83C751                 Princeton, NJ 08544


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]

Scripsit "Kevin B. McCarty" <kmccarty@Princeton.EDU>

> Taken to extremes, this implies that (1) DD's should only receive mail
> sent to boxes under their own control and (2) all mail passing through
> debian-private should, for each subscriber to the list, be encrypted
> individually to the public key on file for her/him.

> Come to think of it, (2) isn't a bad idea.  Is it feasible for this to
> be done transparently?

It may or may not be feasible to do it transparently on the list
software side, but it certainly isn't feasible to do it on the reader
side. I for one certainly am not going to make a daily effort to move
mail from the internet-connected box to the one that knows my secret
key, and type in my 100+ character passphrase several times in order
just to get to know that ${INSERT_RANDOM_DD} will be on vacation.
Better to drop -private completely then, and what does that gain
anybody?

--
Henning Makholm              "I Guds Faders namn, och Sonens, och den Helige
Andes! Bevara oss från djävulens verk och från Muhammeds,
den förbannades, illfundigheter! Med dig är det värre än med
någon annan, ty att lyssna till Muhammed är det värsta av allt."


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]

Kevin B. McCarty wrote:
> Taken to extremes, this implies that (1) DD's should only receive mail
> sent to boxes under their own control and (2) all mail passing through
> debian-private should, for each subscriber to the list, be encrypted
> individually to the public key on file for her/him.
> 
> Come to think of it, (2) isn't a bad idea.  Is it feasible for this to
> be done transparently?  Mailing list admins, any comments?

I think that Nick Moffitt ran a mailing list with mailman for a while
that operated like this. Should be even easier for -private since we
have all potential subscribers' gpg keys on file already.

It would, however, probably be difficult to read such a mailing list in
gmail. ;-)

-- 
see shy jo

Attachment:
This has been downloaded 0 time(s).

[ Post a follow-up to this message ]

On 5/24/06, Ian Jackson <ian@davenant.greenend.org.uk> wrote:
>
> However, it has come to my attention that at least one developer
> appears to be reading debian-private at their gmail account.

doh! i have been caught 

it's nice to have your personal gobal & searchable mailing list
archive, where you can really find anything you have ever received.

sorry, i already switched to a safer address, sob..

ciao
dom

-----[ Domenico Andreoli, aka cavok
--[ http://people.debian.org/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936  4FEE 0677 9033 A20E BC50

[ Post a follow-up to this message ]

On Wed, May 24, 2006 at 04:09:07PM -0400, Kevin B. McCarty wrote:

> (2) all mail passing through debian-private should, for each
> subscriber to the list, be encrypted individually to the public key
> on file for her/him.

> Come to think of it, (2) isn't a bad idea.  Is it feasible for this
> to be done transparently?  Mailing list admins, any comments?

There is a barely maintained patch for Mailman to implement
this. Whether we want to suffer all the pain of using Mailman only in
exchange for this is another matter completely.

--
Lionel


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ian Jackson wrote:
> Kevin B. McCarty writes ("Re: sending debian-private postings to gmail"): 
[snip][vbcol=seagreen]
>
> However, it is _not_ silly to observe that Google are counting up how
> many times certain keywords appear and providing reports to their
> advertisers.  We don't know exactly what those reports look like but
> it might be quite easy to find out what topics are being discussed on
> debian-private.
>
> It's clear that Google think they have the legal right (given to them
> by the developer-user) to facilitate that and it's also clear that
> they have no particular reason to spend effort thinking about how to
> make it difficult for their advertiser customers to do that kind of
> thing.

ROT13?  Such "encryption" would not hinder the NSA, but would bollox
Google's keyword counting.

Do any modern GUI MUAs do ROT13 anymore?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFEdh/ eS9HxQb37XmcRAsddAJ9S4dFCU1ljj5lEXQlQMGp
QPVgxGgCgwv2/
ggHhMVQOSZ8ZVn7EvGk3Y00=
=uW7C
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]

On Thu, May 25, 2006 at 02:13:38AM +0200, Henning Makholm wrote:
> Scripsit "Kevin B. McCarty" <kmccarty@Princeton.EDU>
> 
> 
>
> It may or may not be feasible to do it transparently on the list
> software side, but it certainly isn't feasible to do it on the reader
> side. I for one certainly am not going to make a daily effort to move
> mail from the internet-connected box to the one that knows my secret
> key, and type in my 100+ character passphrase several times in order
> just to get to know that ${INSERT_RANDOM_DD} will be on vacation.
> Better to drop -private completely then, and what does that gain
> anybody?


If we are to be paranoid, another possibility is that a POP server
is made available in a Debian controlled box just for debian-private
use by DD, so debian-private mail is sent there, and nowhere else, and
retrieved from there by DD. Some security adjustments might be needed.

--
Agustin


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]

Kevin B. McCarty wrote:
>
> Come to think of it, [pgp encrypting each message] isn't a bad idea.  
Is it feasible for this to
> be done transparently?  Mailing list admins, any comments?

I suspect that the end result of this would be more people keeping their
GPG keys unencrypted on Internet-accessible machines.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]

Xref: number1.nntp.dca.giganews.com linux.debian.devel:192119

Domenico Andreoli wrote:
> it's nice to have your personal gobal & searchable mailing list
> archive, where you can really find anything you have ever received.

Even though it is nice, it's also problematic to scatter around
private and hence sensitive (at least temporarily sensitive)
information on a system that uses this as content for various
ratings.  I also have some doubts the mails are really deleted
from the disks and archives when you delete them in your interface.

Hence, I have to admit that Ians reasons are valid.

> sorry, i already switched to a safer address, sob..

Thank you.

Regards,

Joey

--
Have you ever noticed that "General Public Licence" contains the word "Pub"?

Please always Cc to me when replying to me on the lists.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.or
g

[ Post a follow-up to this message ]