Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-4.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Z49dS-00063C-TM for bitcoin-development@lists.sourceforge.net; Sun, 14 Jun 2015 15:15:46 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of bitpay.com designates 209.85.218.50 as permitted sender) client-ip=209.85.218.50; envelope-from=jgarzik@bitpay.com; helo=mail-oi0-f50.google.com; Received: from mail-oi0-f50.google.com ([209.85.218.50]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Z49dQ-00082D-Pj for bitcoin-development@lists.sourceforge.net; Sun, 14 Jun 2015 15:15:46 +0000 Received: by oigz2 with SMTP id z2so45344129oig.1 for ; Sun, 14 Jun 2015 08:15:39 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=ff/VPqJy9+74t4HD8pUAwgL+ExTEPLNbBAvhT7f3mVo=; b=CDCLxyAhJkadh6ChCJd4dy8oZeUEJbB56NFVrUqyT1Yn8e9X5qvRfL7AO8peC3L0RH rTngulmTR1s53+SJCcB0bqOC5GUlaTFjGJi3GitV4lfpcieCQKa5mDxuZivTuaPkkHAn AbCIErDbB+2RpPzNijSldQfZ/fYFaC0nPce9uXPevpcC4SHFALzcv6iakzQilzUN+1dE r3aDC1xQHIOTXbs5QOC3ZSCJIUcxen09QTdm1pCu2wofPZdgTT7Ycv4fU1VlDhM6y2wq h5mmacMkX6iJgHsk4kg32jfTmzFThculY1FdSKtwYkVkOPXNDvrQk20oIldIyRFs2Z02 dTfg== X-Gm-Message-State: ALoCoQnR5+yrukxaZiGvVnfiwH69mA+s2dOAz4ALdgoEXAWW8w+eotD0+aixwTi7l+vV3s13QIyj X-Received: by 10.60.92.131 with SMTP id cm3mr19890735oeb.23.1434294939262; Sun, 14 Jun 2015 08:15:39 -0700 (PDT) MIME-Version: 1.0 Received: by 10.202.108.149 with HTTP; Sun, 14 Jun 2015 08:15:18 -0700 (PDT) In-Reply-To: References: From: Jeff Garzik Date: Sun, 14 Jun 2015 11:15:18 -0400 Message-ID: To: "Warren Togami Jr." Content-Type: multipart/alternative; boundary=047d7b33d8125bb8fb05187bd08d X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Z49dQ-00082D-Pj Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Proposal: Move Bitcoin Dev List to a Neutral Competent Entity X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 14 Jun 2015 15:15:46 -0000 --047d7b33d8125bb8fb05187bd08d Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable * ACK on moving away from SourceForge mailing lists - though only once a community-welcomed replacement is up and running * ACK on using LF as a mailing infrastructure provider * Research secure mailing list models, for bitcoin-security. The list is not ultra high security - we all use PGP for that - but it would perhaps be nice to find some spiffy cryptosystem where mailing list participants individually hold keys & therefore access. On Sun, Jun 14, 2015 at 6:12 AM, Warren Togami Jr. wrote: > Discomfort with Sourceforge > > For a while now people have been expressing concern about Sourceforge's > continued hosting of the bitcoin-dev mailing list. Downloads were moved > completely to bitcoin.org after the Sept 2014 hacking incident of the SF > project account. The company's behavior and perceived stability have bee= n > growing to be increasingly questionable. > > > http://www.theregister.co.uk/2013/11/08/gimp_dumps_sourceforge_over_dodgy= _ads_and_installer > > November 2013: GIMP flees SourceForge over dodgy ads and installer > > https://lwn.net/Articles/646118/ > > May 28th, 2015: SourceForge replacing GIMP Windows downloads > > http://seclists.org/nmap-dev/2015/q2/194 > > June 3rd, 2015: Sourceforge hijacked nmap's old site and downloads. > > When this topic came up over the past two years, it seemed that most > people agreed it would be a good idea to move. Someone always suggests > Google Groups as the replacement host. Google is quickly shot down as to= o > controversial in this community, and it becomes an even more difficult > question as to who else should host it. Realizing this is not so simple, > discussion then dies off until the next time somebody brings it up. > > > http://sourceforge.net/p/bitcoin/mailman/bitcoin-development/thread/19431= 27.DBnVxmfOIh%401337h4x0r/#msg34192607 > > Somebody brought it up again this past week. > > It seems logical that an open discussion list is not a big deal to > continue to be hosted on Sourceforge, as there isn=E2=80=99t much they co= uld do to > screw it up. I personally think moving it away now would be seen as a > gesture that we do not consider their behavior to be acceptable. There a= re > also some benefits in being hosted elsewhere, at an entity able to > professionally maintain their infrastructure while also being neutral to > the content. > > Proposal: Move Bitcoin Dev List to a Neutral Competent Entity > > Bitcoin is a global infrastructure development project where it would be > politically awkward for any of the existing Bitcoin companies or orgs to > host due to questions it would raise about perceived political control. > For example, consider a bizarro parallel universe where MtGox was the > inventor of Bitcoin, where they hosted its development infrastructure and > dev list under their own name. Even if what they published was 100% > technically and ideologically equivalent to the Bitcoin we know in our > dimension, most people wouldn't have trusted it merely due to appearances > and it would have easily gone nowhere. > > I had a similar thought process last week when sidechains code was > approaching release. Sidechains, like Bitcoin itself, are intended to be = a > generic piece of infrastructure (like ethernet?) that anyone can build up= on > and use. We thought about Google Groups or existing orgs that already ho= st > various open source infrastructure discussion lists like the IETF or the > Linux Foundation. Google is too controversial in this community, and the > IETF is seen as possibly too politically fractured. The Linux Foundation > hosts a bunch of infrastructure lists > and it seems that > nobody in the Open Source industry considers them to be particularly > objectionable. I talked with LF about the idea of hosting generic > Bitcoin-related infrastructure development lists. They agreed as OSS > infrastructure dev is already within their charter, so early this week > sidechains-dev list began hosting there. > > From the perspective of our community, for bitcoin-dev it seems like a > great fit. Why? While they are interested in supporting general open > source development, the LF has literally zero stake in this. In addition > to neutrality, they seem to be suitable as a competent host. They have > full-time sysadmins maintaining their infrastructure including the Mailma= n > server. They are soon upgrading to Mailman 3 > , which means mailing lists would benefit > from the improved archive browser. I am not personally familiar with > HyperKitty, but the point here is they are a stable non-profit entity who > will competently maintain and improve things like their Mailman deploymen= t > (a huge improvement over the stagnant Sourceforge). It seems that LF wou= ld > be competent, neutral place to host dev lists for the long-term. > > To be clear, this proposal is only about hosting the discussion list. Th= e > LF would have no control over the Bitcoin Project, as no single entity > should. > > Proposed Action Plan > > > - > > Discuss this openly within this community. Above is one example of a > great neutral and competent host. If the technical leaders here can a= gree > to move to a particular neutral host then we do it. > - > > Migration: The current list admins become the new list admins. We > import the entire list archive into the new host's archives for user > convenience. > - > > http://sourceforge.net/p/bitcoin/mailman/ Kill bitcoin-list and > bitcoin-test. Very few people actually use it. Actually, let's delet= e the > entire Bitcoin Sourceforge project as its continued existence serves n= o > purpose and it only confuses people who find it. By deletion, nobody = has > to monitor it for a repeat of the Sept 2014 hacking incident > or G= IMP-type > hijacking ? > - > > The toughest question would be the appropriateness of auto-importing > the subscriber list to another list server, as mass imports have a ten= dency > to upset people. > > > Thoughts? > > Warren Togami > > > -------------------------------------------------------------------------= ----- > > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > --=20 Jeff Garzik Bitcoin core developer and open source evangelist BitPay, Inc. https://bitpay.com/ --047d7b33d8125bb8fb05187bd08d Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
* ACK on moving away from SourceForge mailing lists -= though only once a community-welcomed replacement is up and running
<= div>
* ACK on using LF as a mailing infrastructure provider
* Research secure mailing list models, for bitcoin-security.= =C2=A0 The list is not ultra high security - we all use PGP for that - but = it would perhaps be nice to find some spiffy cryptosystem where mailing lis= t participants individually hold keys & therefore access.

On S= un, Jun 14, 2015 at 6:12 AM, Warren Togami Jr. <wtogami@gmail.com><= /span> wrote:

= Discomfort with Sourceforge

For a while now people have been expressing concer= n about Sourceforge's continued hosting of the bitcoin-dev mailing list= .=C2=A0 Downloads were moved completely to bitcoin.org after the Sept 2014 hacking incident of th= e SF project account.=C2=A0 The company's behavior and perceived stabil= ity have been growing to be increasingly questionable.


http://www.theregister.co.uk/2013/11/08/gimp_du= mps_sourceforge_over_dodgy_ads_and_installer

November 2013: GIMP flees Sou= rceForge over dodgy ads and installer

https://lwn.net/Articles/646118/

May 28th, 2015: So= urceForge replacing GIMP Windows downloads

http://seclists.org/nmap-dev/2015/q2/= 194

June 3rd, 2015: Sourceforge hijacked nmap's old site and downloads= .


When this topic came up over the past two years, it seemed that most peo= ple agreed it would be a good idea to move.=C2=A0 Someone always suggests G= oogle Groups as the replacement host.=C2=A0 Google is quickly shot down as = too controversial in this community, and it becomes an even more difficult = question as to who else should host it.=C2=A0 Realizing this is not so simp= le, discussion then dies off until the next time somebody brings it up.


http://sou= rceforge.net/p/bitcoin/mailman/bitcoin-development/thread/1943127.DBnVxmfOI= h%401337h4x0r/#msg34192607

Somebody brought it up again this past week.


I= t seems logical that an open discussion list is not a big deal to continue = to be hosted on Sourceforge, as there isn=E2=80=99t much they could do to s= crew it up.=C2=A0 I personally think moving it away now would be seen as a = gesture that we do not consider their behavior to be acceptable.=C2=A0 Ther= e are also some benefits in being hosted elsewhere, at an entity able to pr= ofessionally maintain their infrastructure while also being neutral to the = content.


Proposal: Move Bitcoin Dev List to a Neutral Com= petent Entity


Bitcoin is a global infrastructure development project where= it would be politically awkward for any of the existing Bitcoin companies = or orgs to host due to questions it would raise about perceived political c= ontrol.=C2=A0 For example, consider a bizarro parallel universe where MtGox= was the inventor of Bitcoin, where they hosted its development infrastruct= ure and dev list under their own name.=C2=A0 Even if what they published wa= s 100% technically and ideologically equivalent to the Bitcoin we know in o= ur dimension, most people wouldn't have trusted it merely due to appear= ances and it would have easily gone nowhere.


I had a similar thought proce= ss last week when sidechains code was approaching release. Sidechains, like= Bitcoin itself, are intended to be a generic piece of infrastructure (like= ethernet?) that anyone can build upon and use.=C2=A0 We thought about Goog= le Groups or existing orgs that already host various open source infrastruc= ture discussion lists like the IETF or the Linux Foundation.=C2=A0 Google i= s too controversial in this community, and the IETF is seen as possibly too= politically fractured.=C2=A0 The Linux Foundation hosts a bunch of infrastructure lists and = it seems that nobody in the Open Source industry considers them to be parti= cularly objectionable.=C2=A0 I talked with LF about the idea of hosting gen= eric Bitcoin-related infrastructure development lists.=C2=A0 They agreed as= OSS infrastructure dev is already within their charter, so early this week= sidechains-dev list began hosting there.


From the perspective of our comm= unity, for bitcoin-dev it seems like a great fit.=C2=A0 Why?=C2=A0 While th= ey are interested in supporting general open source development, the LF has= literally zero stake in this.=C2=A0 In addition to neutrality, they seem t= o be suitable as a competent host.=C2=A0 They have full-time sysadmins= maintaining their infrastructure including the Mailman server. They are so= on upgrading to Mailman 3, which means ma= iling lists would benefit from the improved archive browser.=C2=A0 I am not= personally familiar with HyperKitty, but the point here is they are a stab= le non-profit entity who will competently maintain and improve things like = their Mailman deployment (a huge improvement over the stagnant Sourceforge)= .=C2=A0 It seems that LF would be competent, neutral place to host dev list= s for the long-term.


To be clear, this proposal is only about hosting the = discussion list.=C2=A0 The LF would have no control over the Bitcoin Projec= t, as no single entity should.


Proposed Action Plan


  • Discuss this openly within this community.=C2=A0 Ab= ove is one example of a great neutral and competent host.=C2=A0 If the tech= nical leaders here can agree to move to a particular neutral host then we d= o it.

  • Migration: Th= e current list admins become the new list admins.=C2=A0 We import the entir= e list archive into the new host's archives for user convenience.

  • http://sourceforge.net/p/bitcoin/mailman/ =C2=A0Kill bitcoi= n-list and bitcoin-test.=C2=A0 Very few people actually use it.=C2=A0 Actua= lly, let's delete the entire Bitcoin Sourceforge project as its continu= ed existence serves no purpose and it only confuses people who find it.=C2= =A0 By deletion, nobody has to monitor it for a repeat of the Sept 2014 hacking incident or GIMP-type hijacking?

  • The toughest question would be the appropriateness of = auto-importing the subscriber list to another list server, as mass imports = have a tendency to upset people.


Thoughts?


Warren Togami

-----------------------------------------------------------------------= -------

_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/= listinfo/bitcoin-development




--
Jeff Garzik
Bitcoin core developer and open sourc= e evangelist
BitPay, Inc. =C2=A0 =C2=A0 =C2=A0https://bitpay.com/
--047d7b33d8125bb8fb05187bd08d--