* ACK on moving away from SourceForge mailing lists - though only once a community-welcomed replacement is up and running * ACK on using LF as a mailing infrastructure provider * Research secure mailing list models, for bitcoin-security. The list is not ultra high security - we all use PGP for that - but it would perhaps be nice to find some spiffy cryptosystem where mailing list participants individually hold keys & therefore access. On Sun, Jun 14, 2015 at 6:12 AM, Warren Togami Jr. wrote: > Discomfort with Sourceforge > > For a while now people have been expressing concern about Sourceforge's > continued hosting of the bitcoin-dev mailing list. Downloads were moved > completely to bitcoin.org after the Sept 2014 hacking incident of the SF > project account. The company's behavior and perceived stability have been > growing to be increasingly questionable. > > > http://www.theregister.co.uk/2013/11/08/gimp_dumps_sourceforge_over_dodgy_ads_and_installer > > November 2013: GIMP flees SourceForge over dodgy ads and installer > > https://lwn.net/Articles/646118/ > > May 28th, 2015: SourceForge replacing GIMP Windows downloads > > http://seclists.org/nmap-dev/2015/q2/194 > > June 3rd, 2015: Sourceforge hijacked nmap's old site and downloads. > > When this topic came up over the past two years, it seemed that most > people agreed it would be a good idea to move. Someone always suggests > Google Groups as the replacement host. Google is quickly shot down as too > controversial in this community, and it becomes an even more difficult > question as to who else should host it. Realizing this is not so simple, > discussion then dies off until the next time somebody brings it up. > > > http://sourceforge.net/p/bitcoin/mailman/bitcoin-development/thread/1943127.DBnVxmfOIh%401337h4x0r/#msg34192607 > > Somebody brought it up again this past week. > > It seems logical that an open discussion list is not a big deal to > continue to be hosted on Sourceforge, as there isn’t much they could do to > screw it up. I personally think moving it away now would be seen as a > gesture that we do not consider their behavior to be acceptable. There are > also some benefits in being hosted elsewhere, at an entity able to > professionally maintain their infrastructure while also being neutral to > the content. > > Proposal: Move Bitcoin Dev List to a Neutral Competent Entity > > Bitcoin is a global infrastructure development project where it would be > politically awkward for any of the existing Bitcoin companies or orgs to > host due to questions it would raise about perceived political control. > For example, consider a bizarro parallel universe where MtGox was the > inventor of Bitcoin, where they hosted its development infrastructure and > dev list under their own name. Even if what they published was 100% > technically and ideologically equivalent to the Bitcoin we know in our > dimension, most people wouldn't have trusted it merely due to appearances > and it would have easily gone nowhere. > > I had a similar thought process last week when sidechains code was > approaching release. Sidechains, like Bitcoin itself, are intended to be a > generic piece of infrastructure (like ethernet?) that anyone can build upon > and use. We thought about Google Groups or existing orgs that already host > various open source infrastructure discussion lists like the IETF or the > Linux Foundation. Google is too controversial in this community, and the > IETF is seen as possibly too politically fractured. The Linux Foundation > hosts a bunch of infrastructure lists > and it seems that > nobody in the Open Source industry considers them to be particularly > objectionable. I talked with LF about the idea of hosting generic > Bitcoin-related infrastructure development lists. They agreed as OSS > infrastructure dev is already within their charter, so early this week > sidechains-dev list began hosting there. > > From the perspective of our community, for bitcoin-dev it seems like a > great fit. Why? While they are interested in supporting general open > source development, the LF has literally zero stake in this. In addition > to neutrality, they seem to be suitable as a competent host. They have > full-time sysadmins maintaining their infrastructure including the Mailman > server. They are soon upgrading to Mailman 3 > , which means mailing lists would benefit > from the improved archive browser. I am not personally familiar with > HyperKitty, but the point here is they are a stable non-profit entity who > will competently maintain and improve things like their Mailman deployment > (a huge improvement over the stagnant Sourceforge). It seems that LF would > be competent, neutral place to host dev lists for the long-term. > > To be clear, this proposal is only about hosting the discussion list. The > LF would have no control over the Bitcoin Project, as no single entity > should. > > Proposed Action Plan > > > - > > Discuss this openly within this community. Above is one example of a > great neutral and competent host. If the technical leaders here can agree > to move to a particular neutral host then we do it. > - > > Migration: The current list admins become the new list admins. We > import the entire list archive into the new host's archives for user > convenience. > - > > http://sourceforge.net/p/bitcoin/mailman/ Kill bitcoin-list and > bitcoin-test. Very few people actually use it. Actually, let's delete the > entire Bitcoin Sourceforge project as its continued existence serves no > purpose and it only confuses people who find it. By deletion, nobody has > to monitor it for a repeat of the Sept 2014 hacking incident > or GIMP-type > hijacking ? > - > > The toughest question would be the appropriateness of auto-importing > the subscriber list to another list server, as mass imports have a tendency > to upset people. > > > Thoughts? > > Warren Togami > > > ------------------------------------------------------------------------------ > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > -- Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/