Does debian-private violate the Debian Social Contract?


There has recently been a lot of attention on the publication of the first years of debian-private at Christmas 2019.

There have been many other disclosures in recent times too, for example, the revelations about Cryptie/Amandine Jambert, a CNIL employee undercover in FSFE (subscribe for more news like that).

As professionals, we all know the importance of protecting sensitive data for our employers and clients. When you consider the number of people who have access to debian-private today, it is not exactly a private forum in the first place. Debian voted to publish the debian-private archive in 2005 but never followed through. The full archive of character assassination is given to every new member in the future and victims have no way to remove things from it.

In the case of Debian, we have the Debian Social Contract. In particular, the second point tells us:

2. We will give back to the free software community

Spreading gossip about the free software community on debian-private appears to violate that point, as it undermines the wider community.

At the very least, debian-private needs to be shut down. Some may feel that point in the Debian Social Contract compels them to go ahead and publish more: the disclosures being a new way of giving back.