From: Rich Freeman <rich0@gentoo.org>
To: gentoo-project <gentoo-project@lists.gentoo.org>
Subject: Re: [gentoo-project] Questions for Gentoo Council nominees: GLEP 76
Date: Wed, 3 Jul 2019 07:13:52 -0400 [thread overview]
Message-ID: <CAGfcS_=qTDHk=siJYe1J9HJBAFU=_et5q9BDofh8_X9YuiRExg@mail.gmail.com> (raw)
In-Reply-To: <4a423877-c053-7693-4f85-223b5a6e064c@gentoo.org>
On Wed, Jul 3, 2019 at 12:31 AM desultory <desultory@gentoo.org> wrote:
>
> You based your argument on your preference, as opposed to reality.
This entire thread is about preference. The reality is that you need
to use your real name to contribute to Gentoo right now. You would
prefer that it be otherwise. There is no harm in expressing that.
> Accepting and providing payments are fairly basic operations
> for legal entities to engage in, even if the foundation were to be
> dissolved there would still be financial transactions apropos Gentoo.
If we were operating under an umbrella org, Gentoo would not be
legally responsible for these activities.
Also, I believe that these activities should STILL be minimized,
ideally towards zero. Physical servers and bank accounts are
vulnerabilities that can be disrupted. The less you depend on them,
the more resilient you are.
If Gentoo were nothing more than a git repo it would be almost
impossible to disrupt its operations as these are trivially
replicated. If the services it did run were entirely open they would
be trivially mirrored (I mean open everything - not just the upstream
code, but all our configs/etc - obviously short of the credentials).
Yes, I'm obviously speaking aspirationally, but the principle is still
valid. IMO FOSS solutions for replacing some of the infra-heavy
existing solutions like bugzilla are lacking, so this could be a long
road. However, anytime we deploy something new we should be asking
whether any Gentoo user can trivially replicate the entire service
based on our documentation and published data (ideally with a few
lines), ideally including even authentication (no reason a Gentoo
credential shouldn't work on a non-Gentoo site in a world where
federation is common). If the answer is no, then we're creating a
dependency on some black box that could be taken away from us.
> In that case, you are advocating for having no: passwords, password
> hashes, private e-mail (including security related correspondence), no
> encryption keys, no signing keys, no pre-release code, no closed source
> code, no code not meant for release for any reason at all, no
> confidential data at all, and probably other things that I neglected to
> list.
None of those are really PII. However, we should certainly be
minimizing our dependence on all of these. We should depend on actual
PII even less, and I'm skeptical that we need to retain this at all if
we stop operating a legal entity.
I'm not saying that we'll ever reach zero, but anytime we can
accomplish our goals without resorting to using the laundry list of
stuff you just provided, we should.
--
Rich
next prev parent reply other threads:[~2019-07-03 11:14 UTC|newest]
Thread overview: 110+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-15 9:42 [gentoo-project] Questions for Gentoo Council nominees Andrew Savchenko
2019-06-15 9:49 ` [gentoo-project] Questions for Gentoo Council nominees: GLEP 76 Andrew Savchenko
2019-06-15 10:20 ` Ulrich Mueller
2019-06-15 16:17 ` Kristian Fiskerstrand
2019-06-16 22:01 ` Thomas Deutschmann
2019-06-18 14:12 ` William Hubbs
2019-06-18 15:43 ` Luca Barbato
2019-06-18 15:47 ` William Hubbs
2019-06-24 22:18 ` Andrew Savchenko
2019-06-25 6:15 ` Michał Górny
2019-06-28 11:49 ` Andrew Savchenko
2019-06-28 12:09 ` Rich Freeman
2019-06-28 17:51 ` Andrew Savchenko
2019-06-30 4:48 ` desultory
2019-06-30 18:53 ` Rich Freeman
2019-07-01 5:02 ` desultory
2019-07-01 11:59 ` Rich Freeman
2019-07-02 4:24 ` desultory
2019-07-02 11:57 ` Rich Freeman
2019-07-03 4:31 ` desultory
2019-07-03 11:13 ` Rich Freeman [this message]
2019-07-04 4:32 ` desultory
2019-06-30 7:11 ` Patrick Lauer
2019-06-30 7:42 ` Michał Górny
2019-06-30 8:03 ` Patrick Lauer
2019-06-30 22:27 ` Robin H. Johnson
2019-07-01 1:31 ` Thomas Deutschmann
2019-06-15 10:00 ` [gentoo-project] Questions for Gentoo Council nominees: Power balance Andrew Savchenko
2019-06-15 10:34 ` Ulrich Mueller
2019-06-15 21:25 ` Andreas K. Huettel
2019-06-16 7:31 ` Mikle Kolyada
2019-06-16 15:56 ` Roy Bamford
2019-06-16 22:18 ` Thomas Deutschmann
2019-06-17 1:38 ` Kristian Fiskerstrand
2019-06-18 14:41 ` William Hubbs
2019-06-30 7:26 ` Patrick Lauer
2019-06-15 10:24 ` [gentoo-project] Questions for Gentoo Council nominees: Bringing new people Andrew Savchenko
2019-06-15 16:24 ` Kristian Fiskerstrand
2019-06-15 21:23 ` Andreas K. Huettel
2019-06-16 18:51 ` Mikle Kolyada
2019-06-16 22:21 ` Thomas Deutschmann
2019-06-19 2:39 ` William Hubbs
2019-06-16 18:09 ` [gentoo-project] Questions for Gentoo Council nominees: Gentoo as hobbyist distro Michał Górny
2019-06-16 19:13 ` Kristian Fiskerstrand
2019-06-16 22:39 ` Thomas Deutschmann
2019-06-19 6:24 ` Mikle Kolyada
2019-06-19 15:45 ` William Hubbs
2019-06-21 14:55 ` Mikle Kolyada
2019-06-19 14:32 ` William Hubbs
2019-06-20 14:48 ` Andreas K. Huettel
2019-06-21 13:21 ` [gentoo-project] Questions for Gentoo Council nominees: your achievements Michał Górny
2019-06-21 20:46 ` Kristian Fiskerstrand
2019-06-21 22:59 ` Georgy Yakovlev
2019-06-22 6:44 ` Ulrich Mueller
2019-06-22 7:06 ` Michał Górny
2019-06-22 22:57 ` Mikle Kolyada
2019-06-24 11:05 ` Mart Raudsepp
2019-06-24 11:25 ` [gentoo-project] Questions for Gentoo Council nominees: traits of a good Council member Michał Górny
2019-06-24 23:23 ` [gentoo-project] Questions for Gentoo Council nominees: Gentoo Foundation Robin H. Johnson
2019-06-26 19:45 ` Kristian Fiskerstrand
2019-06-26 21:54 ` Matthew Thode
2019-06-26 22:03 ` Kristian Fiskerstrand
2019-06-26 22:06 ` Kristian Fiskerstrand
2019-06-26 22:13 ` Matthew Thode
2019-06-26 22:28 ` Kristian Fiskerstrand
2019-06-30 19:21 ` Andreas K. Huettel
2019-06-26 22:08 ` Matthew Thode
2019-06-26 22:15 ` Michael Everitt
2019-06-26 22:22 ` Kristian Fiskerstrand
2019-06-28 23:49 ` Andreas K. Huettel
[not found] ` <20190630215422.GA22747@bubba.lan>
2019-06-30 21:55 ` Aaron Bauman
2019-07-01 7:50 ` Michał Górny
2019-07-01 9:31 ` Roy Bamford
2019-07-01 9:52 ` Michał Górny
2019-07-01 10:02 ` Michael Everitt
2019-07-01 10:04 ` Michael Everitt
2019-07-01 19:42 ` Andreas K. Huettel
2019-07-01 19:44 ` Andreas K. Huettel
2019-07-01 20:10 ` Alec Warner
2019-07-01 21:14 ` Roy Bamford
2019-07-02 12:40 ` Kristian Fiskerstrand
2019-07-01 11:26 ` Roy Bamford
2019-07-01 12:07 ` Rich Freeman
2019-07-01 19:34 ` Andreas K. Huettel
2019-07-03 4:42 ` desultory
2019-07-03 6:12 ` [gentoo-project] Questions for Gentoo Council nominees: Gentoo Foundation - Treasurer Response! Robin H. Johnson
2019-07-03 9:51 ` Michael Everitt
2019-07-03 10:47 ` Rich Freeman
2019-07-03 11:05 ` Michael Everitt
2019-07-03 11:22 ` Rich Freeman
2019-07-03 11:27 ` Kristian Fiskerstrand
2019-07-03 12:27 ` Rich Freeman
2019-07-03 13:45 ` Kristian Fiskerstrand
2019-07-03 12:56 ` [gentoo-nfp] " Michał Górny
2019-07-03 13:08 ` Rich Freeman
2019-07-03 13:17 ` Michał Górny
[not found] ` <20190703143429.yfieiru7cyykr5ca@gentoo.org>
[not found] ` <6b84c0a026551472a05e776921182ba8dae6fb1e.camel@gentoo.org>
[not found] ` <138757e484f751d567fb2702ce27de3e3e215a15.camel@gentoo.org>
2019-07-04 2:05 ` [gentoo-nfp] Re: [gentoo-project] Questions for Gentoo Council nominees: Gentoo Foundation - Treasurer Response! (part 2) Robin H. Johnson
2019-06-30 10:36 ` [gentoo-project] Questions for Gentoo Council nominees Roy Bamford
2019-06-30 16:48 ` Thomas Deutschmann
2019-06-30 20:17 ` Andreas K. Huettel
2019-07-04 2:14 ` [gentoo-project] Questions for Gentoo Council nominees: Council demands on maintainers & council legal liability Robin H. Johnson
2019-07-04 6:26 ` Michał Górny
2019-07-04 8:03 ` Kristian Fiskerstrand
2019-07-04 20:33 ` Alec Warner
2019-07-04 23:46 ` Kristian Fiskerstrand
2019-07-06 2:54 ` desultory
2019-07-04 13:36 ` Thomas Deutschmann
2019-07-04 16:37 ` Ulrich Mueller
2019-07-04 18:49 ` Thomas Deutschmann
2019-07-04 19:22 ` Ulrich Mueller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAGfcS_=qTDHk=siJYe1J9HJBAFU=_et5q9BDofh8_X9YuiRExg@mail.gmail.com' \
--to=rich0@gentoo.org \
--cc=gentoo-project@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox