discuss: Thread: Contacting TLDP authors. Share your thoughts.

Hello all,
I prepare myself to start contacting authors of the HOWTOs. So, this
is the right time to discuss what questions to ask them. Since I will
send recursively 200-300 emails it is most appropriate if I collect
all the needed for us information in one pass.

I expect you opinions.
One of the possible questions are if the specific author still wish to
maintain a HOWTO. And I have no ideas about other questions. But if
you have ideas for information that we could need now or in recent
future, please this is the moment to share your thoughts.

mhydra

Svetoslav P. Chukov a écrit :

> I expect you opinions.
> One of the possible questions are 

* if the specific author still wish to
> maintain a HOWTO.
->of course :-)

* Agree to have his HOWTO copied to the wiki with GFDL licence
  * Agree to manage his HOWTO on the wiki (control the editing 
process, acknowledge versions for copy to the static mirrored part)
  * accept to share the document with others people (id est, make the 
page writable by Known people)

* ake him aware of the LDP workflow change and ask him to spread the 
info around, just in case people can help :-)

* ...?

jdd



-- 
http://www.dodin.net
http://valerie.dodin.org
http://www.youtube.com/watch?v=t-eic8MSSfM

On Sun, Sep 14, 2008 at 8:50 PM, jdd ####@####.#### wrote:

> Svetoslav P. Chukov a écrit :
>
>  I expect you opinions.
>> One of the possible questions are
>>
>
> * if the specific author still wish to
>
>> maintain a HOWTO.
>>
> ->of course :-)
>
> * Agree to have his HOWTO copied to the wiki with GFDL licence
>  * Agree to manage his HOWTO on the wiki (control the editing process,
> acknowledge versions for copy to the static mirrored part)
>  * accept to share the document with others people (id est, make the page
> writable by Known people)
>
> * ake him aware of the LDP workflow change and ask him to spread the info
> around, just in case people can help :-)
>
> * ...?
>
> jdd
>
>
Another question. How we could authenticate the authors? So, the authors
gives me the permission to edit and manage his/her HOWTO. And after 3 months
the same author comes and claims that we violates his/her rights. Of course
we have emails, but everybody could make fake emails and could send them to
random address.
So, it would be good if we could sign our emails in some way.

Could we arrange something? I am thinking about PGP signatures for TLDP and
in that kind of work we could use that signatures in our emails. Just to be
sure that everything is correct.

mhydra



>
>
> --
> http://www.dodin.net
> http://valerie.dodin.org
> http://www.youtube.com/watch?v=t-eic8MSSfM
>
> ______________________
> http://lists.tldp.org/
>
>

My humble opinion is that the author *must* sign his mail with a known
signature, unless we own an official mail address they indicated for
contact. In this case, it should be their duty not to let anyone but
themselves use that mail address.

For example, if I put my mail address in a howto I wrote, and you send
a mail to that address and receive a reply, then I think the reply is
authentic, or that the author made a big mistake (but the
responsibility is his in both cases).

What do you think?

2008/9/14 Svetoslav P. Chukov ####@####.####
> On Sun, Sep 14, 2008 at 8:50 PM, jdd ####@####.#### wrote:
>
>> Svetoslav P. Chukov a écrit :
>>
>>  I expect you opinions.
>>> One of the possible questions are
>>>
>>
>> * if the specific author still wish to
>>
>>> maintain a HOWTO.
>>>
>> ->of course :-)
>>
>> * Agree to have his HOWTO copied to the wiki with GFDL licence
>>  * Agree to manage his HOWTO on the wiki (control the editing process,
>> acknowledge versions for copy to the static mirrored part)
>>  * accept to share the document with others people (id est, make the page
>> writable by Known people)
>>
>> * ake him aware of the LDP workflow change and ask him to spread the info
>> around, just in case people can help :-)
>>
>> * ...?
>>
>> jdd
>>
>>
> Another question. How we could authenticate the authors? So, the authors
> gives me the permission to edit and manage his/her HOWTO. And after 3 months
> the same author comes and claims that we violates his/her rights. Of course
> we have emails, but everybody could make fake emails and could send them to
> random address.
> So, it would be good if we could sign our emails in some way.
>
> Could we arrange something? I am thinking about PGP signatures for TLDP and
> in that kind of work we could use that signatures in our emails. Just to be
> sure that everything is correct.
>
> mhydra
>
>
>
>>
>>
>> --
>> http://www.dodin.net
>> http://valerie.dodin.org
>> http://www.youtube.com/watch?v=t-eic8MSSfM
>>
>> ______________________
>> http://lists.tldp.org/
>>
>>
>



-- 
Gianluca Ciccarelli
http://disi.unitn.it/~ciccarelli
GPG key ID: FDF429B0

Quoting Svetoslav P. Chukov ####@####.####

> Another question. How we could authenticate the authors? 

IMO, absolutely authenticating people is beyond the scope of what LDP can
reasonably do, and trying is not necessary or particularly useful.

Even attempting to maintain a gpg web of trust w/keyring or keyserver a
la Debian would not be sufficient to prove anyone's identity:  It would
merely give high confidence that subsequent contacts are from the same
person who first claimed to be a document's author -- _but_ you have no
reasonably confidence that the first person wasn't someone else
masquerading as the author.  

Scenario:  LDP attempts to chase down the author of a document, Mr. John
Q. Smith.  The former e-mail address doesn't work, so we use logic,
Web-searching, and inquires to find a new address that we guess is
probably the same John Q. Smith, and send an inquiry asking "Are you the
same John Q. Smith who wrote the Foo HOWTO?"  Unbeknownst to us, Mr.
Moriarty has access to this John Q. Smith's e-mail and falsely, to cause
mischief, replies "Yes, I wrote the Foo HOWTO.  Thank you.  Here's my
gpg key."  When the real John Q. Smith later claims LDP "violates his
rights", LDP is really no better off -- except it's spent scarce
volunteer help resources building up an overengineered authentication
system that actually doesn't help.

I would suggest, instead, just using reasonable prudence and acting in
good faith.  The very worst that's likely to happen is a brief
accidental granting of access to the wrong person, followed by reversion
and life resuming uninterrupted.

Rick Moen a écrit :

> I would suggest, instead, just using reasonable prudence and acting in
> good faith.  The very worst that's likely to happen is a brief
> accidental granting of access to the wrong person, followed by reversion
> and life resuming uninterrupted.

yes, better les security than fake security

jdd


-- 
http://www.dodin.net
http://valerie.dodin.org
http://www.youtube.com/watch?v=t-eic8MSSfM