Date: Mon, 28 Apr 1997 21:04:29 -0600 (MDT)
From: Marc Slemko <marcs@worldgate.com>
To: new-httpd@apache.org
Subject: Re: Changed information for PR general/498 (fwd)
In-Reply-To: <97042822121383@decus.org>
Message-ID: <Pine.BSF.3.95q.970428205844.9874A-100000@valis.worldgate.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@apache.org

On Mon, 28 Apr 1997, Rodent of Unusual Size wrote:

> >From the fingers of Marc Slemko flowed the following:
> >
> >On Mon, 28 Apr 1997, Dean Gaudet wrote:
> >
> >> I figure one of you guys know the answer to this better than me.  Can we
> >> completely remove something from the bugdb?  I know we'd also have to
> >> remove it from the bugdb mailing list digest. 
> 
>     What about just setting the "confidential" GNATS flag?  That won't
>     help the bugdb archives, though.  I've been thinking that the
>     confidential flag ought to be selectable on problem entry.  Now, how
>     to have the messages sent but not archived.. have to have them sent
>     to a different MD address that doesn't include archive2 in the alias
>     destination.

No.

We should make no illusions of confidentiality.  We can not give it as an
organization because we ain't one.  The bugdb list is an open list (I
think...) and anyone silly enough to want to can subscribe iff they know
how.  If we let people say something is confidential, they will expect it.
What happens when someone includes their entire passwd file?

All we can do is warn people that their reports will be publicly
accessable and if they don't like that they should send mail to
foobar@apache.org; if they have any need for confidentiality then they
must contact us w/o including that information and individuals can reply
and any gaurentees of confidentialty are between individuals.

We quite simply don't have the structure to support it, and trying would
hurt more than help.