๐
Original date posted:2015-06-14
๐ Original message:* ACK on moving away from SourceForge mailing lists - though only once a
community-welcomed replacement is up and running
* ACK on using LF as a mailing infrastructure provider
* Research secure mailing list models, for bitcoin-security. The list is
not ultra high security - we all use PGP for that - but it would perhaps be
nice to find some spiffy cryptosystem where mailing list participants
individually hold keys & therefore access.
On Sun, Jun 14, 2015 at 6:12 AM, Warren Togami Jr. <wtogami at gmail.com>
wrote:
> Discomfort with Sourceforge
>
> For a while now people have been expressing concern about Sourceforge's
> continued hosting of the bitcoin-dev mailing list. Downloads were moved
> completely to bitcoin.org after the Sept 2014 hacking incident of the SF
> project account. The company's behavior and perceived stability have been
> growing to be increasingly questionable.
>
>
> http://www.theregister.co.uk/2013/11/08/gimp_dumps_sourceforge_over_dodgy_ads_and_installer
>
> November 2013: GIMP flees SourceForge over dodgy ads and installer
>
> https://lwn.net/Articles/646118/
>
> May 28th, 2015: SourceForge replacing GIMP Windows downloads
>
> http://seclists.org/nmap-dev/2015/q2/194
>
> June 3rd, 2015: Sourceforge hijacked nmap's old site and downloads.
>
> When this topic came up over the past two years, it seemed that most
> people agreed it would be a good idea to move. Someone always suggests
> Google Groups as the replacement host. Google is quickly shot down as too
> controversial in this community, and it becomes an even more difficult
> question as to who else should host it. Realizing this is not so simple,
> discussion then dies off until the next time somebody brings it up.
>
>
> http://sourceforge.net/p/bitcoin/mailman/bitcoin-development/thread/1943127.DBnVxmfOIh%401337h4x0r/#msg34192607
>
> Somebody brought it up again this past week.
>
> It seems logical that an open discussion list is not a big deal to
> continue to be hosted on Sourceforge, as there isnโt much they could do to
> screw it up. I personally think moving it away now would be seen as a
> gesture that we do not consider their behavior to be acceptable. There are
> also some benefits in being hosted elsewhere, at an entity able to
> professionally maintain their infrastructure while also being neutral to
> the content.
>
> Proposal: Move Bitcoin Dev List to a Neutral Competent Entity
>
> Bitcoin is a global infrastructure development project where it would be
> politically awkward for any of the existing Bitcoin companies or orgs to
> host due to questions it would raise about perceived political control.
> For example, consider a bizarro parallel universe where MtGox was the
> inventor of Bitcoin, where they hosted its development infrastructure and
> dev list under their own name. Even if what they published was 100%
> technically and ideologically equivalent to the Bitcoin we know in our
> dimension, most people wouldn't have trusted it merely due to appearances
> and it would have easily gone nowhere.
>
> I had a similar thought process last week when sidechains code was
> approaching release. Sidechains, like Bitcoin itself, are intended to be a
> generic piece of infrastructure (like ethernet?) that anyone can build upon
> and use. We thought about Google Groups or existing orgs that already host
> various open source infrastructure discussion lists like the IETF or the
> Linux Foundation. Google is too controversial in this community, and the
> IETF is seen as possibly too politically fractured. The Linux Foundation
> hosts a bunch of infrastructure lists
> <https://lists.linuxfoundation.org/mailman/listinfo>; and it seems that
> nobody in the Open Source industry considers them to be particularly
> objectionable. I talked with LF about the idea of hosting generic
> Bitcoin-related infrastructure development lists. They agreed as OSS
> infrastructure dev is already within their charter, so early this week
> sidechains-dev list began hosting there.
>
> From the perspective of our community, for bitcoin-dev it seems like a
> great fit. Why? While they are interested in supporting general open
> source development, the LF has literally zero stake in this. In addition
> to neutrality, they seem to be suitable as a competent host. They have
> full-time sysadmins maintaining their infrastructure including the Mailman
> server. They are soon upgrading to Mailman 3
> <http://wiki.list.org/Mailman3>;, which means mailing lists would benefit
> from the improved archive browser. I am not personally familiar with
> HyperKitty, but the point here is they are a stable non-profit entity who
> will competently maintain and improve things like their Mailman deployment
> (a huge improvement over the stagnant Sourceforge). It seems that LF would
> be competent, neutral place to host dev lists for the long-term.
>
> To be clear, this proposal is only about hosting the discussion list. The
> LF would have no control over the Bitcoin Project, as no single entity
> should.
>
> Proposed Action Plan
>
>
> -
>
> Discuss this openly within this community. Above is one example of a
> great neutral and competent host. If the technical leaders here can agree
> to move to a particular neutral host then we do it.
> -
>
> Migration: The current list admins become the new list admins. We
> import the entire list archive into the new host's archives for user
> convenience.
> -
>
> http://sourceforge.net/p/bitcoin/mailman/ Kill bitcoin-list and
> bitcoin-test. Very few people actually use it. Actually, let's delete the
> entire Bitcoin Sourceforge project as its continued existence serves no
> purpose and it only confuses people who find it. By deletion, nobody has
> to monitor it for a repeat of the Sept 2014 hacking incident
> <https://www.phoronix.com/scan.php?page=news_item&px=MTc4Mzg>; or GIMP-type
> hijacking <https://lwn.net/Articles/646118/>;?
> -
>
> The toughest question would be the appropriateness of auto-importing
> the subscriber list to another list server, as mass imports have a tendency
> to upset people.
>
>
> Thoughts?
>
> Warren Togami
>
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-development at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitcoin-development
>
>
--
Jeff Garzik
Bitcoin core developer and open source evangelist
BitPay, Inc. https://bitpay.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150614/76fad066/attachment.html>;
Jeff Garzik [ARCHIVE] /
npub1kfโฆf3f58
2023-06-07 15:37:49
in reply to nevent1qโฆmp84
Author Public Key
npub1kf0ppcjaguxekg24yx6smgxlu73qn0k8lm0t2wrqc0scpl7u3sgsmf3f58Published at
2023-06-07 15:37:49Event JSON
{
"id": "30bc52e5e3a0c96c5814fcf6871cdf01088583ccfbc2bef45d899f99eb76db63",
"pubkey": "b25e10e25d470d9b215521b50da0dfe7a209bec7fedeb53860c3e180ffdc8c11",
"created_at": 1686152269,
"kind": 1,
"tags": [
[
"e",
"810d20bcf991f0775ab3cca311351e013d4d782191b318764a6f2045d4a0f082",
"",
"root"
],
[
"e",
"471ba4e2e3c34b44fffafc33b499651f021861b131ebde0ca3df1343b5ef7f26",
"",
"reply"
],
[
"p",
"8502a34ff455a038f6a04f4e3cd053dcbb5d711b89a3d211e65615b00e0ed65d"
]
],
"content": "๐
Original date posted:2015-06-14\n๐ Original message:* ACK on moving away from SourceForge mailing lists - though only once a\ncommunity-welcomed replacement is up and running\n\n* ACK on using LF as a mailing infrastructure provider\n\n* Research secure mailing list models, for bitcoin-security. The list is\nnot ultra high security - we all use PGP for that - but it would perhaps be\nnice to find some spiffy cryptosystem where mailing list participants\nindividually hold keys \u0026 therefore access.\n\n\nOn Sun, Jun 14, 2015 at 6:12 AM, Warren Togami Jr. \u003cwtogami at gmail.com\u003e\nwrote:\n\n\u003e Discomfort with Sourceforge\n\u003e\n\u003e For a while now people have been expressing concern about Sourceforge's\n\u003e continued hosting of the bitcoin-dev mailing list. Downloads were moved\n\u003e completely to bitcoin.org after the Sept 2014 hacking incident of the SF\n\u003e project account. The company's behavior and perceived stability have been\n\u003e growing to be increasingly questionable.\n\u003e\n\u003e\n\u003e http://www.theregister.co.uk/2013/11/08/gimp_dumps_sourceforge_over_dodgy_ads_and_installer\n\u003e\n\u003e November 2013: GIMP flees SourceForge over dodgy ads and installer\n\u003e\n\u003e https://lwn.net/Articles/646118/\n\u003e\n\u003e May 28th, 2015: SourceForge replacing GIMP Windows downloads\n\u003e\n\u003e http://seclists.org/nmap-dev/2015/q2/194\n\u003e\n\u003e June 3rd, 2015: Sourceforge hijacked nmap's old site and downloads.\n\u003e\n\u003e When this topic came up over the past two years, it seemed that most\n\u003e people agreed it would be a good idea to move. Someone always suggests\n\u003e Google Groups as the replacement host. Google is quickly shot down as too\n\u003e controversial in this community, and it becomes an even more difficult\n\u003e question as to who else should host it. Realizing this is not so simple,\n\u003e discussion then dies off until the next time somebody brings it up.\n\u003e\n\u003e\n\u003e http://sourceforge.net/p/bitcoin/mailman/bitcoin-development/thread/1943127.DBnVxmfOIh%401337h4x0r/#msg34192607\n\u003e\n\u003e Somebody brought it up again this past week.\n\u003e\n\u003e It seems logical that an open discussion list is not a big deal to\n\u003e continue to be hosted on Sourceforge, as there isnโt much they could do to\n\u003e screw it up. I personally think moving it away now would be seen as a\n\u003e gesture that we do not consider their behavior to be acceptable. There are\n\u003e also some benefits in being hosted elsewhere, at an entity able to\n\u003e professionally maintain their infrastructure while also being neutral to\n\u003e the content.\n\u003e\n\u003e Proposal: Move Bitcoin Dev List to a Neutral Competent Entity\n\u003e\n\u003e Bitcoin is a global infrastructure development project where it would be\n\u003e politically awkward for any of the existing Bitcoin companies or orgs to\n\u003e host due to questions it would raise about perceived political control.\n\u003e For example, consider a bizarro parallel universe where MtGox was the\n\u003e inventor of Bitcoin, where they hosted its development infrastructure and\n\u003e dev list under their own name. Even if what they published was 100%\n\u003e technically and ideologically equivalent to the Bitcoin we know in our\n\u003e dimension, most people wouldn't have trusted it merely due to appearances\n\u003e and it would have easily gone nowhere.\n\u003e\n\u003e I had a similar thought process last week when sidechains code was\n\u003e approaching release. Sidechains, like Bitcoin itself, are intended to be a\n\u003e generic piece of infrastructure (like ethernet?) that anyone can build upon\n\u003e and use. We thought about Google Groups or existing orgs that already host\n\u003e various open source infrastructure discussion lists like the IETF or the\n\u003e Linux Foundation. Google is too controversial in this community, and the\n\u003e IETF is seen as possibly too politically fractured. The Linux Foundation\n\u003e hosts a bunch of infrastructure lists\n\u003e \u003chttps://lists.linuxfoundation.org/mailman/listinfo\u003e and it seems that\n\u003e nobody in the Open Source industry considers them to be particularly\n\u003e objectionable. I talked with LF about the idea of hosting generic\n\u003e Bitcoin-related infrastructure development lists. They agreed as OSS\n\u003e infrastructure dev is already within their charter, so early this week\n\u003e sidechains-dev list began hosting there.\n\u003e\n\u003e From the perspective of our community, for bitcoin-dev it seems like a\n\u003e great fit. Why? While they are interested in supporting general open\n\u003e source development, the LF has literally zero stake in this. In addition\n\u003e to neutrality, they seem to be suitable as a competent host. They have\n\u003e full-time sysadmins maintaining their infrastructure including the Mailman\n\u003e server. They are soon upgrading to Mailman 3\n\u003e \u003chttp://wiki.list.org/Mailman3\u003e, which means mailing lists would benefit\n\u003e from the improved archive browser. I am not personally familiar with\n\u003e HyperKitty, but the point here is they are a stable non-profit entity who\n\u003e will competently maintain and improve things like their Mailman deployment\n\u003e (a huge improvement over the stagnant Sourceforge). It seems that LF would\n\u003e be competent, neutral place to host dev lists for the long-term.\n\u003e\n\u003e To be clear, this proposal is only about hosting the discussion list. The\n\u003e LF would have no control over the Bitcoin Project, as no single entity\n\u003e should.\n\u003e\n\u003e Proposed Action Plan\n\u003e\n\u003e\n\u003e -\n\u003e\n\u003e Discuss this openly within this community. Above is one example of a\n\u003e great neutral and competent host. If the technical leaders here can agree\n\u003e to move to a particular neutral host then we do it.\n\u003e -\n\u003e\n\u003e Migration: The current list admins become the new list admins. We\n\u003e import the entire list archive into the new host's archives for user\n\u003e convenience.\n\u003e -\n\u003e\n\u003e http://sourceforge.net/p/bitcoin/mailman/ Kill bitcoin-list and\n\u003e bitcoin-test. Very few people actually use it. Actually, let's delete the\n\u003e entire Bitcoin Sourceforge project as its continued existence serves no\n\u003e purpose and it only confuses people who find it. By deletion, nobody has\n\u003e to monitor it for a repeat of the Sept 2014 hacking incident\n\u003e \u003chttps://www.phoronix.com/scan.php?page=news_item\u0026px=MTc4Mzg\u003e or GIMP-type\n\u003e hijacking \u003chttps://lwn.net/Articles/646118/\u003e?\n\u003e -\n\u003e\n\u003e The toughest question would be the appropriateness of auto-importing\n\u003e the subscriber list to another list server, as mass imports have a tendency\n\u003e to upset people.\n\u003e\n\u003e\n\u003e Thoughts?\n\u003e\n\u003e Warren Togami\n\u003e\n\u003e\n\u003e ------------------------------------------------------------------------------\n\u003e\n\u003e _______________________________________________\n\u003e Bitcoin-development mailing list\n\u003e Bitcoin-development at lists.sourceforge.net\n\u003e https://lists.sourceforge.net/lists/listinfo/bitcoin-development\n\u003e\n\u003e\n\n\n-- \nJeff Garzik\nBitcoin core developer and open source evangelist\nBitPay, Inc. https://bitpay.com/\n-------------- next part --------------\nAn HTML attachment was scrubbed...\nURL: \u003chttp://lists.linuxfoundation.org/pipermail/bitcoin-dev/attachments/20150614/76fad066/attachment.html\u003e",
"sig": "12580fb5bf137939c6172a6b589822fd7bac50d37cff793074f3ab3e9e51171e9265470cbda466c6207e6e56e71428c92904fcac3bc18fd8b98bd4d7d6a61c17"
}