@mozilla.org email addresses for Mozilla Reps

533 views
Skip to first unread message

Benjamin Kerensa

unread,
Oct 25, 2013, 12:31:44 AM10/25/13
to gover...@lists.mozilla.org
Hello Governance,

I'm writing today to put forward the following proposal for @mozilla.org
email addresses for Mozilla Reps as outlined here:
https://wiki.mozilla.org/User:Mrz/mozilla-org

Additionally, I would like to highlight the following policy that the
ReMo Council has put together in regards to email addresses for ReMo:
https://remo.etherpad.mozilla.org/email-policy

These proposals and proposed policies have been the work of both
community contributors and staff and I think adding email addresses as a
tool for contributors would be beneficial and add authenticity to
discussions community contributors often have with third parties
including universities, media and developers they engage with in order
to further the goals of Mozilla.

Many other open source projects already have practices of doing this
(Ubuntu: @ubuntu.com, Debian: @debian.org, GNOME: @gnome.org and so on).

Let's start a discussion on this and see where it goes!

--
Sincerly,

Benjamin Kerensa
http://benjaminkerensa.com

Majken Connor

unread,
Oct 25, 2013, 1:44:09 AM10/25/13
to Benjamin Kerensa, gover...@lists.mozilla.org
I am not comfortable with the idea that there would be a screening process
within the Reps program to get the address. Reps are already screened for
leadership and commitment.

"Any Mozilla Rep can request a @mozilla.org and each request must go
through a rigorous vouching process overseen by the Mozilla Reps Council,
based on the following criteria." - There is no criteria following this
statement, the criteria are listed in the etherpad linked further down
https://remo.etherpad.mozilla.org/email-attribution-criteria

I would personally like to see more meat in the section of why give people
email addresses. If it's just to give volunteers more credibility then
either we should give it to all volunteers, or we should determine which
volunteers will benefit from that increased credibility and especially how
Mozilla as an organization would benefit from giving volunteers more
credibility and what we would want volunteers to do with that credibility.


On Fri, Oct 25, 2013 at 12:31 AM, Benjamin Kerensa
<bker...@mozillausa.org>wrote:

> Hello Governance,
>
> I'm writing today to put forward the following proposal for @mozilla.orgemail addresses for Mozilla Reps as outlined here:
> https://wiki.mozilla.org/User:**Mrz/mozilla-org<https://wiki.mozilla.org/User:Mrz/mozilla-org>
>
> Additionally, I would like to highlight the following policy that the ReMo
> Council has put together in regards to email addresses for ReMo:
> https://remo.etherpad.mozilla.**org/email-policy<https://remo.etherpad.mozilla.org/email-policy>
>
> These proposals and proposed policies have been the work of both community
> contributors and staff and I think adding email addresses as a tool for
> contributors would be beneficial and add authenticity to discussions
> community contributors often have with third parties including
> universities, media and developers they engage with in order to further the
> goals of Mozilla.
>
> Many other open source projects already have practices of doing this
> (Ubuntu: @ubuntu.com, Debian: @debian.org, GNOME: @gnome.org and so on).
>
> Let's start a discussion on this and see where it goes!
>
> --
> Sincerly,
>
> Benjamin Kerensa
> http://benjaminkerensa.com
>
> ______________________________**_________________
> governance mailing list
> gover...@lists.mozilla.org
> https://lists.mozilla.org/**listinfo/governance<https://lists.mozilla.org/listinfo/governance>
>

Axel Hecht

unread,
Oct 25, 2013, 4:33:30 AM10/25/13
to mozilla-g...@lists.mozilla.org
I like the idea of revisiting what a @mozilla.org email address means
today, and I think that outstanding longtime leadership is probably best
matching what it is today, and what it could mean if we handed out new ones.

I'd not waive that requirements for paid contributors, though. I'd also
wouldn't restrict it to reps for non-paid contributors.

Technically, I'd ask for a revocation policy to be included. And we'd
probably need at least best-practices on what usernames to use. The
current list is very much nick-names, is that good? Do we need to care?

Axel

Gervase Markham

unread,
Oct 25, 2013, 8:16:24 AM10/25/13
to mozilla-g...@lists.mozilla.org
Hi Ben,
On 25/10/13 05:31, Benjamin Kerensa wrote:
> I'm writing today to put forward the following proposal for @mozilla.org
> email addresses for Mozilla Reps as outlined here:
> https://wiki.mozilla.org/User:Mrz/mozilla-org

You specifically mention Mozilla Reps, but that document says:

"To best reflect Mozilla's purpose as a non-profit mission first,
paid-staff will also have @mozilla.org email addresses."

Is that still part of the plan?

I agree with Majken that if we are making people Reps who aren't capable
of representing Mozilla, at least at the level of having an email
address, then something has gone wrong. Can you explain more why you
feel that an additional vetting step is needed?

Also, not everyone can or wants to become a rep. Can you expand on why
you feel we should tie this to the Reps program particularly?

At the moment, a discussion is going on about how we can create a set of
trusted people who can take part in Mozilla-internal discussions on
topics that we don't yet want shared with the press. It seems like the
problem of who gets @mozilla.org email addresses is a similar problem.
Perhaps the two could be combined? We need to have a big effort to
figure out how to define this group, and then give them both the email
addresses and the internal forum access.

Gerv

Mike Hoye

unread,
Oct 25, 2013, 10:16:41 AM10/25/13
to gover...@lists.mozilla.org
On 2013-10-25 1:16 PM, Gervase Markham wrote:
> You specifically mention Mozilla Reps, but that document says: "To
> best reflect Mozilla's purpose as a non-profit mission first,
> paid-staff will also have @mozilla.org email addresses." Is that still
> part of the plan?
A casual survey of the last two hundred hires or so should answer that
for sure, but for what it's worth I - hired at the beginning of this
year - don't have a .org address.

- mhoye

:mrz

unread,
Oct 25, 2013, 11:29:34 AM10/25/13
to
On Friday, October 25, 2013 7:16:41 AM UTC-7, Mike Hoye wrote:
> A casual survey of the last two hundred hires or so should answer that
> for sure, but for what it's worth I - hired at the beginning of this
> year - don't have a .org address.

To be expected - this proposed policy isn't in effect. The goal is to discuss and approve and then backfill addresses (or something - I specifically avoided implementation details).

:mrz

unread,
Oct 25, 2013, 11:40:10 AM10/25/13
to

> I agree with Majken that if we are making people Reps who aren't capable
> of representing Mozilla, at least at the level of having an email
> address, then something has gone wrong. Can you explain more why you
> feel that an additional vetting step is needed?

You know, it was discussed but I really can't recall the rationale anymore.

I think, however, the line comes more closely to whether or not an individual is an active contributor or not. I believe Reps - by definition of the program - are active contributors. Paid-staff too.

If I try to recall my own thinking from way back when, I think that's why I included Reps + paid-staff by default.

I also agree there's a revocation process but I'm less clear on how you determine someone's no longer active.

David Ascher

unread,
Oct 25, 2013, 11:51:16 AM10/25/13
to :mrz, gover...@lists.mozilla.org
Email addresses that die are a lot less useful than email addresses that never die. I understand the desire to not have people misrepresent their level of affiliation with Mozilla, but I don’t believe technology or policy can solve that problem. Tying an address to “currently active” also means lots of headaches when dealing with contributors whose involvement is periodic, seasonal, or whatnot.

Was there consideration of a possible “once a mozillian, always a mozillian” attitude with respect to email addresses, modulo exceptions for egregious improper use? I for one would not begrudge previously-active mozillians who might still want to use their mozilla.org address if they’re proud that they earned one once upon a time.

—david

Sheeri Cabral

unread,
Oct 25, 2013, 11:58:41 AM10/25/13
to David Ascher, :mrz, gover...@lists.mozilla.org

----- Original Message -----
From: "David Ascher" <d...@mozilla.com>
Subject: Re: @mozilla.org email addresses for Mozilla Reps

Was there consideration of a possible “once a mozillian, always a mozillian” attitude with respect to email addresses, modulo exceptions for egregious improper use? I for one would not begrudge previously-active mozillians who might still want to use their mozilla.org address if they’re proud that they earned one once upon a time.

—david


I'm all for this, too, if there's a clear directive and support for this infrastructure. Giving out an e-mail address is a great badge of honor, but even uses that are "routine" like sending out a large attachment to many people, can end up affecting all Mozilla e-mail. Are we backing up community members' emails too? If so, that's more resources and time spent by IT; if not, and there's a problem, we end up with a lot of unhappy Mozillians.

The summit was 1/3 employees, 2/3 community members. If we give emails to everyone who made the cut for the summit, that would triple our current email infrastructure. Are we prepared to spend more time on the e-mail infrastructure to wrangle this influx?

-Sheeri Cabral
Manager, Systems DB Team
Senior DB Admin/Architect
Mozilla

David Ascher

unread,
Oct 25, 2013, 11:59:39 AM10/25/13
to Sheeri Cabral, :mrz, gover...@lists.mozilla.org

On Oct 25, 2013, at 4:58 PM, Sheeri Cabral <sca...@mozilla.com> wrote:

> I'm all for this, too, if there's a clear directive and support for this infrastructure. Giving out an e-mail address is a great badge of honor, but even uses that are "routine" like sending out a large attachment to many people, can end up affecting all Mozilla e-mail. Are we backing up community members' emails too? If so, that's more resources and time spent by IT; if not, and there's a problem, we end up with a lot of unhappy Mozillians.

Sure. FYI, I’m thinking of the kinds of systems that e.g. US universities employ for alums. This stuff could easily be outsourced.

—da


Nikos Roussos

unread,
Oct 25, 2013, 12:05:42 PM10/25/13
to gover...@lists.mozilla.org
On Fri, 2013-10-25 at 08:40 -0700, :mrz wrote:
> I also agree there's a revocation process but I'm less clear on how you determine someone's no longer active.

I think David is right. Let's not try to over-complicate things. It's
better to have a well-defined policy on who gets a @mozilla.org alias
and keeps it forever (unless of course cases of abuse), than the other
way around.

Although I agree in principle with the "why only employees and reps?"
argument I think we should consider this as a try out phase. See how
that goes and how we can expand this to all active contributors.
Hopefully by that time we'll have a way to reliable determine if a
person is an active contributor.

~nikos
https://mozillians.org/u/comzeradd/


Myk Melez

unread,
Oct 25, 2013, 12:20:28 PM10/25/13
to David Ascher, Sheeri Cabral, mrz, gover...@lists.mozilla.org
Note that @mozilla.org addresses are currently email aliases
<http://en.wikipedia.org/wiki/Email_alias>, which means Mozilla
transfers mail to and from them but doesn't store the mail. That still
costs resources and time, but much less than if it were to also store
the mail, as it does for @mozilla.com addresses.

-myk

William Quiviger

unread,
Oct 25, 2013, 12:31:47 PM10/25/13
to Nikos Roussos, gover...@lists.mozilla.org
To Nikos' point:

Yes, the rationale was precisely to have a phased approach and start distributing @mozilla.org to staff and Reps only, see how that it went and then include everyone once we were confident about the process.

So the aim was always to eventually distribute @mozilla.org to *all* Mozillians.

- w

---
William Quiviger
Mozilla Reps Council Member
https://reps.mozilla.org/u/wquiviger/


On Oct 25, 2013, at 6:05 PM, Nikos Roussos <comz...@mozilla-community.org> wrote:

> On Fri, 2013-10-25 at 08:40 -0700, :mrz wrote:
>> I also agree there's a revocation process but I'm less clear on how you determine someone's no longer active.
>
> I think David is right. Let's not try to over-complicate things. It's
> better to have a well-defined policy on who gets a @mozilla.org alias
> and keeps it forever (unless of course cases of abuse), than the other
> way around.
>
> Although I agree in principle with the "why only employees and reps?"
> argument I think we should consider this as a try out phase. See how
> that goes and how we can expand this to all active contributors.
> Hopefully by that time we'll have a way to reliable determine if a
> person is an active contributor.
>
> ~nikos
> https://mozillians.org/u/comzeradd/
>
>
> _______________________________________________
> governance mailing list
> gover...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance

cshi...@mozilla.com

unread,
Oct 25, 2013, 12:37:56 PM10/25/13
to
On Friday, October 25, 2013 11:59:39 AM UTC-4, David Ascher wrote:
> Sure. FYI, I’m thinking of the kinds of systems that e.g. US universities employ for alums. This stuff could easily be outsourced.

There is still a cost involved.. This discussion should include the "at what cost are we willing to provide this service?" question as well. We can work backward from there and figure out if there is a way to make it fit. Also whose budget that would come from.

Fred Wenzel

unread,
Oct 25, 2013, 12:56:14 PM10/25/13
to Myk Melez, David Ascher, Sheeri Cabral, mrz, gover...@lists.mozilla.org
On 10/25/13 9:20 AM, Myk Melez wrote:
> Note that @mozilla.org addresses are currently email aliases

I actually think that's a plus. Neither employees nor other community
members really need another full blown IMAP account, I'd imagine. An
alias should suffice. Though sending outgoing mail with the right From:
can be challenging depending on what primary provider you work with.

Fred


Benjamin Kerensa

unread,
Oct 25, 2013, 1:03:09 PM10/25/13
to Corey Shields, gover...@lists.mozilla.org
If we just did aliases the cost would be almost nothing. Most mail
providers support treating aliases like a new address.

cshi...@mozilla.com

unread,
Oct 25, 2013, 1:14:57 PM10/25/13
to
On Friday, October 25, 2013 1:03:09 PM UTC-4, Benjamin Kerensa wrote:
> If we just did aliases the cost would be almost nothing. Most mail
> providers support treating aliases like a new address.

In our current setup it actually is a bit more involved. We still have some one-off accounts going back to the early days that aren't just aliases, those that are aliases still go through a spam filter that we pay for (per account), and mail that comes in to be relayed to a forwarded destination still traverses infrastructure that has to scale to meet demand unless we were to point MX for all of @mozilla.org to some outsourced entity. Unfortunately, the cost is far from nothing.

I'm not trying to shoot this down, I want to make sure that we all are aware that this can quickly become a significant investment, and then how do we scale it to the vision that Mitchell gave us for our contributor base in the years to come?

:mrz

unread,
Oct 25, 2013, 1:20:18 PM10/25/13
to
Yes, while I ignored the implementation in the original draft (co-drafted with Reps and finalized at the Madrid meeting... need to give credit where it's due), I did imagine simple email aliases vs. hosted mail accounts.

In fact, I imagined a system largely driven via mozillians.org that would generate /etc/aliases or trigger API calls to some mail provider. Whatever vouching process would be the trigger and users could self-manage destination addresses for their @mozilla.org address.

I do like the "once a Mozillian, always a Mozillian" - the current list of @mozilla.org addresses certainly reflects that.

Monica Chew

unread,
Oct 25, 2013, 1:30:04 PM10/25/13
to Benjamin Kerensa, gover...@lists.mozilla.org
Hi Benjamin,

I think it's a wonderful idea to give Reps and other contributors email addresses. Can I suggest mozillians.org instead of mozilla.org, though? mozilla.org is not sufficiently distinguishable from mozilla.com to avoid confusing paid staff from not, and Mozillian has the benefit of sounding like a person-descriptor.

I should also point out that in the future, it may become very important to be able to distinguish official email from Mozilla as a project, versus someone who is affiliated with Mozilla (as paid staff or not). Anti-phishing standards such as DMARC are much easier to adopt when an organization can separate mail by function into different domains. Widening the mozilla.{org,com} namespace makes this problem worse.

Thanks,
Monica

----- Original Message -----
> Hello Governance,
>
> I'm writing today to put forward the following proposal for @mozilla.org
> email addresses for Mozilla Reps as outlined here:
> https://wiki.mozilla.org/User:Mrz/mozilla-org
>
> Additionally, I would like to highlight the following policy that the
> ReMo Council has put together in regards to email addresses for ReMo:
> https://remo.etherpad.mozilla.org/email-policy
>
> These proposals and proposed policies have been the work of both
> community contributors and staff and I think adding email addresses as a
> tool for contributors would be beneficial and add authenticity to
> discussions community contributors often have with third parties
> including universities, media and developers they engage with in order
> to further the goals of Mozilla.
>
> Many other open source projects already have practices of doing this
> (Ubuntu: @ubuntu.com, Debian: @debian.org, GNOME: @gnome.org and so on).
>
> Let's start a discussion on this and see where it goes!
>
> --
> Sincerly,
>
> Benjamin Kerensa
> http://benjaminkerensa.com
>

Rubén Martín

unread,
Oct 25, 2013, 1:56:16 PM10/25/13
to gover...@lists.mozilla.org
El 25/10/13 19:30, Monica Chew escribió:
> I think it's a wonderful idea to give Reps and other contributors email addresses. Can I suggest mozillians.org instead of mozilla.org, though? mozilla.org is not sufficiently distinguishable from mozilla.com to avoid confusing paid staff from not, and Mozillian has the benefit of sounding like a person-descriptor.
>
> I should also point out that in the future, it may become very important to be able to distinguish official email from Mozilla as a project, versus someone who is affiliated with Mozilla (as paid staff or not).
The thing is that there should be nearly no distinction between a paid
employee and a active contributor (except form being paid and some
NDAs), that's the point of this proposal, we are all mozilla and trusted
mozillians should have a way to get a @mozilla.org email.

My personal view is that, as Nikos said, right now it's easier to
identify trusted mozillians with the Reps program, but definetly the
idea is to expand this group over time as soon as we have the mechanisms
to check that trust easily outside that group.

Regards.

--
Rubén Martín [Nukeador]
Mozilla Reps Mentor
http://www.mozilla-hispano.org
http://twitter.com/mozilla_hispano
http://facebook.com/mozillahispano


signature.asc

Monica Chew

unread,
Oct 25, 2013, 2:14:11 PM10/25/13
to Rubén Martín, gover...@lists.mozilla.org
> > I should also point out that in the future, it may become very important to
> > be able to distinguish official email from Mozilla as a project, versus
> > someone who is affiliated with Mozilla (as paid staff or not).
> The thing is that there should be nearly no distinction between a paid
> employee and a active contributor (except form being paid and some
> NDAs), that's the point of this proposal, we are all mozilla and trusted
> mozillians should have a way to get a @mozilla.org email.

My bad, I took this requirement from the etherpad at https://remo.etherpad.mozilla.org/email-policy. My point was not to distinguish between paid staff and not, but to distinguish between mail from Mozilla the project and a Mozilla contributor. Thus, the recommendation to use mozillians.org or another domain that's easier to distinguish from mozilla.{com,org}.

Thanks,
Monica

Rubén Martín

unread,
Oct 25, 2013, 4:37:44 PM10/25/13
to Monica Chew, gover...@lists.mozilla.org
El 25/10/13 20:14, Monica Chew escribió:
> My bad, I took this requirement from the etherpad at https://remo.etherpad.mozilla.org/email-policy. My point was not to distinguish between paid staff and not, but to distinguish between mail from Mozilla the project and a Mozilla contributor. Thus, the recommendation to use mozillians.org or another domain that's easier to distinguish from mozilla.{com,org}.
When you say "the project" you mean the Corporation?

Active Mozillians are part of the Mozilla Project, so the com vs org
difference should be enought to distinguish between paid and non-paid staff.

Apart from that, Mozilla Reps are already the official representatives
of Mozilla in their region, so I don't see any problem or misunderstandings.
signature.asc

Monica Chew

unread,
Oct 25, 2013, 5:26:47 PM10/25/13
to Rubén Martín, gover...@lists.mozilla.org
----- Original Message -----
> El 25/10/13 20:14, Monica Chew escribió:
> > My bad, I took this requirement from the etherpad at
> > https://remo.etherpad.mozilla.org/email-policy. My point was not to
> > distinguish between paid staff and not, but to distinguish between mail
> > from Mozilla the project and a Mozilla contributor. Thus, the
> > recommendation to use mozillians.org or another domain that's easier to
> > distinguish from mozilla.{com,org}.
> When you say "the project" you mean the Corporation?

No, I don't. I mean there is a useful distinction between the follow 2 classes of mail:

1) Official email from Mozilla, the organization, for things like summit announcements, or service/product announcements.
2) Email from people affiliated with Mozilla.

It would be great announce to the world that all official Mozilla mail will authenticate from Mozilla, say, using DKIM, and that all unauthenticated mail claiming to be from Mozilla should be ignored. Because class 2) mail often goes through mailing lists, it has different characteristics and is very difficult to impose the same authentication requirements. See http://www.dmarc.org/overview.html for more information.

We already have these two classes conflated -- adding more addresses to a domain that typical users will find visually indistinguishable from mozilla.com, only makes this problem worse.

> Active Mozillians are part of the Mozilla Project, so the com vs org
> difference should be enought to distinguish between paid and non-paid staff.

Sorry, I'm confused. Are we supposed to distinguish between paid and non-paid staff, or not? If not, one should not have to remember whether someone is paid staff or not in order to reach them, nor should they have to change email addresses if their employment status changes. In a perfect world, I would suggest the following

1) Create aliases for all existing mozilla.com addresses to mozillians.org
2) Encourage existing mozilla.com users to use their mozillians.org address
3) Send only official mail from mozilla.com and authenticate it
4) Allocate addresses on mozillians.org at will, for whomever you want

In any case, I strongly discourage the decision to create addresses on mozilla.org, because typical users will not understand the difference between org and com and it will only lead to confusion (see, for example, going to http://mozilla.com redirects to mozilla.org).

Thanks,
Monica

David Weir

unread,
Oct 25, 2013, 5:47:31 PM10/25/13
to Benjamin Kerensa, gover...@lists.mozilla.org
I think it should be all volunteers not just reps also


On Fri, Oct 25, 2013 at 5:31 AM, Benjamin Kerensa
<bker...@mozillausa.org>wrote:

> Hello Governance,
>
> I'm writing today to put forward the following proposal for @mozilla.orgemail addresses for Mozilla Reps as outlined here:
> https://wiki.mozilla.org/User:**Mrz/mozilla-org<https://wiki.mozilla.org/User:Mrz/mozilla-org>
>
> Additionally, I would like to highlight the following policy that the ReMo
> Council has put together in regards to email addresses for ReMo:
> https://remo.etherpad.mozilla.**org/email-policy<https://remo.etherpad.mozilla.org/email-policy>
>
> These proposals and proposed policies have been the work of both community
> contributors and staff and I think adding email addresses as a tool for
> contributors would be beneficial and add authenticity to discussions
> community contributors often have with third parties including
> universities, media and developers they engage with in order to further the
> goals of Mozilla.
>
> Many other open source projects already have practices of doing this
> (Ubuntu: @ubuntu.com, Debian: @debian.org, GNOME: @gnome.org and so on).
>
> Let's start a discussion on this and see where it goes!
>
> --
> Sincerly,
>
> Benjamin Kerensa
> http://benjaminkerensa.com
>
> ______________________________**_________________
> governance mailing list
> gover...@lists.mozilla.org
> https://lists.mozilla.org/**listinfo/governance<https://lists.mozilla.org/listinfo/governance>
>

Benjamin Kerensa

unread,
Oct 25, 2013, 6:44:28 PM10/25/13
to Corey Shields, gover...@lists.mozilla.org
I guess I would ask what the ROI is having hundreds of volunteers with a
more authentic communication channel.

I mean we have contributors right now using @gmail.com,
mozilla-peru.orgetc its fragmented.

Clearly other much smaller projects like GNOME saw value in such an
investment.

I think it brings us closer to "One Mozilla". Imagine that we have
contributors putting in part time hours on a volunteer basis and they do
not have an email address but a receptionist does?

David Ascher

unread,
Oct 25, 2013, 7:23:51 PM10/25/13
to Corey Shields, gover...@lists.mozilla.org

On Oct 25, 2013, at 6:14 PM, cshi...@mozilla.com wrote:

> I'm not trying to shoot this down, I want to make sure that we all are aware that this can quickly become a significant investment, and then how do we scale it to the vision that Mitchell gave us for our contributor base in the years to come?

If we agree value in a @mozilla.org identity, I’m more than happy to build the business case for it. I had a board member suggest that he’d gladly cash pay as his contribution in exchange for an address that he could “wear proudly”.

I truly don’t believe that sourcing the money side should be a blocker to this conversation. US universities provide this service because it leads to donations that far outweigh the opex. We certainly shouldn’t be talking about whose budget it would come from at this point, although I understand your fear that you’d be expected to cover it.

—da

Rubén Martín

unread,
Oct 25, 2013, 7:41:55 PM10/25/13
to Monica Chew, gover...@lists.mozilla.org
El 25/10/13 23:26, Monica Chew escribió:
> No, I don't. I mean there is a useful distinction between the follow 2 classes of mail:
>
> 1) Official email from Mozilla, the organization, for things like summit announcements, or service/product announcements.
> 2) Email from people affiliated with Mozilla.
>
> It would be great announce to the world that all official Mozilla mail will authenticate from Mozilla, say, using DKIM, and that all unauthenticated mail claiming to be from Mozilla should be ignored. Because class 2) mail often goes through mailing lists, it has different characteristics and is very difficult to impose the same authentication requirements. See http://www.dmarc.org/overview.html for more information.
>
> We already have these two classes conflated -- adding more addresses to a domain that typical users will find visually indistinguishable from mozilla.com, only makes this problem worse.
Sorry but I don't follow you.

I don't see the problem of having jd...@mozilla.org sending an email to a
mailing list. The email identifies the person which is contributing to
Mozilla, not Mozilla as a whole.

It's the same on every institution or organization, there is no
@gnome.org and @gnomers.org addresses, for me, it makes no sense.
signature.asc

Benjamin Kerensa

unread,
Oct 25, 2013, 7:51:15 PM10/25/13
to Monica Chew, gover...@lists.mozilla.org

On 10/25/13, 10:30 AM, Monica Chew wrote:
> Hi Benjamin,
>
> I think it's a wonderful idea to give Reps and other contributors email addresses. Can I suggest mozillians.org instead of mozilla.org, though? mozilla.org is not sufficiently distinguishable from mozilla.com to avoid confusing paid staff from not, and Mozillian has the benefit of sounding like a person-descriptor.
>
> I should also point out that in the future, it may become very important to be able to distinguish official email from Mozilla as a project, versus someone who is affiliated with Mozilla (as paid staff or not). Anti-phishing standards such as DMARC are much easier to adopt when an organization can separate mail by function into different domains. Widening the mozilla.{org,com} namespace makes this problem worse.
>
> Thanks,
> Monica

Hello Monica,

So this discussion has been ongoing outside of Moz Gov for some time now
(a couple years) and the idea to have @mozillians.org addresses was
offered as a suggestion but generally the consensus among community and
even staff who were involved in those discussions seemed to lean towards
mozillians.org.

I do appreciate the concern of not adding confusion between staff and
community contributors but to be honest I think that confusion already
exists and probably would not be amplified by using the mozilla.org
namespace. I know I get asked quite frequently whether I work for
Mozilla (A staff member actually asked me today) and I know that
question is not unique and is common for community contributors.

mozilla.org historically has not been a namespace used by staff from
what I understand but instead was mostly for MoFo but now that has
expanded some?

>
> ----- Original Message -----
>> Hello Governance,
>>
>> I'm writing today to put forward the following proposal for @mozilla.org
>> email addresses for Mozilla Reps as outlined here:
>> https://wiki.mozilla.org/User:Mrz/mozilla-org
>>
>> Additionally, I would like to highlight the following policy that the
>> ReMo Council has put together in regards to email addresses for ReMo:

Axel Hecht

unread,
Oct 26, 2013, 4:06:14 AM10/26/13
to mozilla-g...@lists.mozilla.org
I don't think we've handed out @mozilla.org email addresses in the last
10-ish years. st...@mozilla.org was the operational group running the
mozilla project before the Foundation existed. In the short period when
the Foundation existed and the Corporation did not, hires at that time
probably got @mozilla.org addresses, too.

I joined shortly after the Corporation was incorporated, and at that
point, @mozilla.org addresses weren't given out anymore. Even for
functional stuff like l10n@.

Axel

Majken Connor

unread,
Oct 26, 2013, 11:25:33 AM10/26/13
to David Ascher, Corey Shields, gover...@lists.mozilla.org
No matter if budget is going to be a problem I do see the point in actually
budgeting for it and understanding the implementation costs. That might
inspire us to think of different implementations that work out better for
us, and at least uncover problems that need to be solved or decisions that
need to be made. The paid for spam filter is an interesting problem.


On Fri, Oct 25, 2013 at 7:23 PM, David Ascher <d...@mozilla.com> wrote:

>
> On Oct 25, 2013, at 6:14 PM, cshi...@mozilla.com wrote:
>
> > I'm not trying to shoot this down, I want to make sure that we all are
> aware that this can quickly become a significant investment, and then how
> do we scale it to the vision that Mitchell gave us for our contributor base
> in the years to come?
>
> If we agree value in a @mozilla.org identity, I’m more than happy to
> build the business case for it. I had a board member suggest that he’d
> gladly cash pay as his contribution in exchange for an address that he
> could “wear proudly”.
>
> I truly don’t believe that sourcing the money side should be a blocker to
> this conversation. US universities provide this service because it leads
> to donations that far outweigh the opex. We certainly shouldn’t be talking
> about whose budget it would come from at this point, although I understand
> your fear that you’d be expected to cover it.
>
> —da
>
> _______________________________________________
> governance mailing list
> gover...@lists.mozilla.org
> https://lists.mozilla.org/listinfo/governance
>

Majken Connor

unread,
Oct 26, 2013, 11:36:29 AM10/26/13
to Axel Hecht, mozilla-g...@lists.mozilla.org
I wanted to comment on the project vs people aspect.

I agree with Monica that there is a difference. I use countries as a
metaphor. There is Mozilla the organization which is some sort of entity,
then there are citizens of Mozilla (mozillians) who make up that
organization and contribute to it, but are individuals.

Thinking about government, just because a sitting politician says something
doesn't necessarily mean that is the position of the government as a whole
or even of the party the belong to. The laws and policies of the country
are how the country speaks for itself, and a politician communicating those
laws and policies is then speaking on behalf of the country. The politician
talking about how they would change the law or problems with the law is
speaking as a citizen.

We actually want this distinction in Mozilla. While we want to be all
recognized as parts of Mozilla, we want to be able to speak and give our
opinions and dissent and we want people to understand that we are speaking
as part of Mozilla, but not *for* Mozilla. Otherwise we would have a lot
more cases of PR pulling out their hair and people getting lots of emails
saying we can't say this and that on behalf of Mozilla because it
contradicts policy.

I think it would be kinda cool actually if staff got @mozillians.org by
default and we did keep @mozilla.x addresses for communication that
represents Mozilla. Though I also get that it would be less effective than
giving out @mozilla.org addresses to all.


On Sat, Oct 26, 2013 at 4:06 AM, Axel Hecht <l1...@mozilla.com> wrote:

> On 10/26/13 1:51 AM, Benjamin Kerensa wrote:
>
>>
> I don't think we've handed out @mozilla.org email addresses in the last
> 10-ish years. st...@mozilla.org was the operational group running the
> mozilla project before the Foundation existed. In the short period when the
> Foundation existed and the Corporation did not, hires at that time probably
> got @mozilla.org addresses, too.
>
> I joined shortly after the Corporation was incorporated, and at that
> point, @mozilla.org addresses weren't given out anymore. Even for
> functional stuff like l10n@.
>
> Axel
>
>
>
> ----- Original Message -----
>>>
>>>> Hello Governance,
>>>>
>>>> I'm writing today to put forward the following proposal for @
>>>> mozilla.org
>>>> email addresses for Mozilla Reps as outlined here:
>>>> https://wiki.mozilla.org/User:**Mrz/mozilla-org<https://wiki.mozilla.org/User:Mrz/mozilla-org>
>>>>
>>>> Additionally, I would like to highlight the following policy that the
>>>> ReMo Council has put together in regards to email addresses for ReMo:
>>>> https://remo.etherpad.mozilla.**org/email-policy<https://remo.etherpad.mozilla.org/email-policy>
>>>>
>>>> These proposals and proposed policies have been the work of both
>>>> community contributors and staff and I think adding email addresses as a
>>>> tool for contributors would be beneficial and add authenticity to
>>>> discussions community contributors often have with third parties
>>>> including universities, media and developers they engage with in order
>>>> to further the goals of Mozilla.
>>>>
>>>> Many other open source projects already have practices of doing this
>>>> (Ubuntu: @ubuntu.com, Debian: @debian.org, GNOME: @gnome.org and so
>>>> on).
>>>>
>>>> Let's start a discussion on this and see where it goes!
>>>>
>>>> --
>>>> Sincerly,
>>>>
>>>> Benjamin Kerensa
>>>> http://benjaminkerensa.com
>>>>
>>>>
>>>>
>>
> ______________________________**_________________
> governance mailing list
> gover...@lists.mozilla.org
> https://lists.mozilla.org/**listinfo/governance<https://lists.mozilla.org/listinfo/governance>
>

Gervase Markham

unread,
Oct 29, 2013, 10:01:26 AM10/29/13
to William Quiviger, Nikos Roussos
On 25/10/13 17:31, William Quiviger wrote:
> Yes, the rationale was precisely to have a phased approach and start
> distributing @mozilla.org to staff and Reps only, see how that it
> went and then include everyone once we were confident about the
> process.
>
> So the aim was always to eventually distribute @mozilla.org to *all*
> Mozillians.

Assuming we use the definition of Mozillian as someone who:

* believes in the mission
* does something to actively advance it
* interacts with the Mozilla community

then I think that would be a large mistake.

Having an email address @projectname.org implies, in the open source
world, that you have a trusted position inside that organization.
@debian.org is for Debian developers. @apache.org is for Apache
committers. And so on.

Giving an @mozilla.org email address to all Mozillians (by the above
definition) would make it a pretty easy thing to get - which would both
devalue it, and also come with some reputational risk to Mozilla.

Gerv

Gervase Markham

unread,
Oct 29, 2013, 10:04:10 AM10/29/13
to mozilla-g...@lists.mozilla.org
On 25/10/13 18:30, Monica Chew wrote:
> I think it's a wonderful idea to give Reps and other contributors
> email addresses. Can I suggest mozillians.org instead of mozilla.org,
> though? mozilla.org is not sufficiently distinguishable from
> mozilla.com to avoid confusing paid staff from not, and Mozillian has
> the benefit of sounding like a person-descriptor.

I think making the distinction between paid staff and volunteers more
clear is actively an anti-goal.

When this program happens, I would like to see paid staff who qualify
for @mozilla.org starting to use that email address as their primary
Mozilla identity. A few of us already do that.

> I should also point out that in the future, it may become very
> important to be able to distinguish official email from Mozilla as a
> project, versus someone who is affiliated with Mozilla (as paid staff
> or not).

Email always comes from a person, it never comes from an organization
(at least, I hope Mozilla will never even attempt to be that
impersonal!). I do not think there will be a problem distinguishing
summit announcements from e.g. IETF contributions (which are always
individual), even if both come from @mozilla.org email addresses.

Gerv

Gervase Markham

unread,
Oct 29, 2013, 10:14:24 AM10/29/13
to mozilla-g...@lists.mozilla.org
On 25/10/13 13:16, Gervase Markham wrote:
> At the moment, a discussion is going on about how we can create a set of
> trusted people who can take part in Mozilla-internal discussions on
> topics that we don't yet want shared with the press. It seems like the
> problem of who gets @mozilla.org email addresses is a similar problem.
> Perhaps the two could be combined? We need to have a big effort to
> figure out how to define this group, and then give them both the email
> addresses and the internal forum access.

At the Festival, I was encouraged to elaborate on this. I've talked
about my idea elsewhere, but here it is again:

There are now at least two reasons we need to define a subset of
Mozillians who are trusted by the community.

The first is that we want to have a discussion forum where we can talk
about sensitive subjects in a group larger than "employees" but smaller
than "public". We've needed this for ages, and we still need it. And we
need to define who's in and who's out, and how you decide.

The second is that we want to give out @mozilla.org email addresses to
people who we are confident will not use them to damage Mozilla's
reputation. This is also a trust issue. As we are finding out, we need
to define who's in and who's out, and how you decide.

My contention is that these two groups could be the same group.

In order to define this group well, we need to "encode" existing trust
relationships. Here is my proposal, which I call the 'Mafia' way of
building a trust network.

We seed the group with, say, twenty or so people whose status as
Mozillians is beyond doubt. We then say that anyone else can be admitted
to the group if they are endorsed (I won't say "vouched", as it's
confusing!) by two existing members. And if that person is found to have
broken a confidence or otherwise behaved in a way which leads to loss of
privileges or access, the two people who vouched for them also lose
those privileges, for a period of six months. (Hence, tongue-in-cheek,
'Mafia' - "if you cross us, we'll come after you _and_ your parents".)

This makes endorsing someone an action with real downsides, which is the
only way to ensure that endorsements will be carefully considered, and
people only endorse people they actively trust.

If I vouch for someone in mozillians.org and they later act highly
inappropriately, nothing bad happens to me. There's no downside to me
simply vouching for anyone who asks, which makes it very easy to get
vouched for. In order to build a real web of trust, we need to change that.

Gerv

Nikos Roussos

unread,
Oct 29, 2013, 10:21:47 AM10/29/13
to Gervase Markham, William Quiviger, mozilla-g...@lists.mozilla.org
On Tue, 2013-10-29 at 14:01 +0000, Gervase Markham wrote:
> On 25/10/13 17:31, William Quiviger wrote:
> > Yes, the rationale was precisely to have a phased approach and start
> > distributing @mozilla.org to staff and Reps only, see how that it
> > went and then include everyone once we were confident about the
> > process.
> >
> > So the aim was always to eventually distribute @mozilla.org to *all*
> > Mozillians.
>
> Assuming we use the definition of Mozillian as someone who:
>
> * believes in the mission
> * does something to actively advance it
> * interacts with the Mozilla community
>
> then I think that would be a large mistake.
>
> Having an email address @projectname.org implies, in the open source
> world, that you have a trusted position inside that organization.
> @debian.org is for Debian developers. @apache.org is for Apache
> committers. And so on.

It usually means that you are a <random Open-Source project name>
contributor. For instance I have a mail address for Fedora Project and
FSFE since my very first contribution.

> Giving an @mozilla.org email address to all Mozillians (by the above
> definition) would make it a pretty easy thing to get - which would both
> devalue it, and also come with some reputational risk to Mozilla.

That's a valid concern, and that's why is better to take small steps
giving @mozilla.org aliases to paid stuff and reps for now.


~nikos

Dirkjan Ochtman

unread,
Oct 29, 2013, 11:05:07 AM10/29/13
to Gervase Markham, mozilla-governance
On Tue, Oct 29, 2013 at 3:14 PM, Gervase Markham <ge...@mozilla.org> wrote:
> At the Festival, I was encouraged to elaborate on this. I've talked
> about my idea elsewhere, but here it is again:
>
> There are now at least two reasons we need to define a subset of
> Mozillians who are trusted by the community.
>
> The first is that we want to have a discussion forum where we can talk
> about sensitive subjects in a group larger than "employees" but smaller
> than "public". We've needed this for ages, and we still need it. And we
> need to define who's in and who's out, and how you decide.
>
> The second is that we want to give out @mozilla.org email addresses to
> people who we are confident will not use them to damage Mozilla's
> reputation. This is also a trust issue. As we are finding out, we need
> to define who's in and who's out, and how you decide.
>
> My contention is that these two groups could be the same group.

So far, sounds great.

> In order to define this group well, we need to "encode" existing trust
> relationships. Here is my proposal, which I call the 'Mafia' way of
> building a trust network.
>
> We seed the group with, say, twenty or so people whose status as
> Mozillians is beyond doubt. We then say that anyone else can be admitted
> to the group if they are endorsed (I won't say "vouched", as it's
> confusing!) by two existing members. And if that person is found to have
> broken a confidence or otherwise behaved in a way which leads to loss of
> privileges or access, the two people who vouched for them also lose
> those privileges, for a period of six months. (Hence, tongue-in-cheek,
> 'Mafia' - "if you cross us, we'll come after you _and_ your parents".)

I understand the need to do downsides, but this seems like a very
harsh penalty. It would be easy to vouch for someone at some point,
and at some point 5 years in the future, that someone does something
bad and gets banned. Is it still fair for the original vouching person
to be penalized for that?

It seems like timeliness of the vouching must play a role here. The
scheme I just came up with is, once you get 2 people to vouch for you,
you get 4 points to vouch with for others (i.e. limiting the amount of
vouches you can give out, adding some cost to vouching). But, vouches
deteriorate over time, so after, say, a year, your 2 initial vouches
are worth less than 1.0, and your access gets revoked unless you find
some people to vouch for you again. Since people may migrate to
different areas of the community, it may make sense to have other
people vouch for you this time compared to last time.

(Yeah, this gets complex. And probably needs its own thread. But it's
a good discussion to have.)

Cheers,

Dirkjan

David Ascher

unread,
Oct 29, 2013, 11:15:24 AM10/29/13
to Dirkjan Ochtman, mozilla-governance, Gervase Markham

On Oct 29, 2013, at 11:05 AM, Dirkjan Ochtman <dir...@ochtman.nl> wrote:

>> The first is that we want to have a discussion forum where we can talk
>> about sensitive subjects in a group larger than "employees" but smaller
>> than "public". We've needed this for ages, and we still need it. And we
>> need to define who's in and who's out, and how you decide.
>>
>> The second is that we want to give out @mozilla.org email addresses to
>> people who we are confident will not use them to damage Mozilla's
>> reputation. This is also a trust issue. As we are finding out, we need
>> to define who's in and who's out, and how you decide.
>>
>> My contention is that these two groups could be the same group.
>

The first is an ACL restriction among many. It’s not clear to me why we want to prioritize one permission (‘hear some kinds of news’) above ‘access to VPN’, ‘access to the t-shirt database’, ‘access to …’.

Mozilla.org email adresses has, I claim, interesting potential both for fundraising and to ‘make-people-feel-good’. (esp. if we make it easy for people to opt-in to a .sig that explains Mozilla, for example)

My counter-contention is we’re more agile and impactful if we’re willing to be generous w/ the latter while correct with the former.

As a thought experiment, I’d be +1 on giving jwz a mozilla.org email address, but I doubt he should be in the former ACL group (until such time as he chooses to get more involved).

—da

Mike Connor

unread,
Oct 29, 2013, 11:18:43 AM10/29/13
to gover...@lists.mozilla.org
On 2013-10-29 10:14 AM, Gervase Markham wrote:
> We seed the group with, say, twenty or so people whose status as
> Mozillians is beyond doubt. We then say that anyone else can be admitted
> to the group if they are endorsed (I won't say "vouched", as it's
> confusing!) by two existing members. And if that person is found to have
> broken a confidence or otherwise behaved in a way which leads to loss of
> privileges or access, the two people who vouched for them also lose
> those privileges, for a period of six months. (Hence, tongue-in-cheek,
> 'Mafia' - "if you cross us, we'll come after you _and_ your parents".)
>
> This makes endorsing someone an action with real downsides, which is the
> only way to ensure that endorsements will be carefully considered, and
> people only endorse people they actively trust.
>
> If I vouch for someone in mozillians.org and they later act highly
> inappropriately, nothing bad happens to me. There's no downside to me
> simply vouching for anyone who asks, which makes it very easy to get
> vouched for. In order to build a real web of trust, we need to change
> that.

I would support this proposal. It maps well to how we handle other
forms of trust (commit access, module ownership, etc), which has served
us well as a project. I share Dirkjan's concern that timeliness needs
to be considered, however I think that can be dealt with through a
probationary period (maybe a year) after which vouchers wouldn't pay a
penalty.

My primary concern here is that, unlike the majority of open projects,
Mozilla gets a lot of press attention and coverage. Anything we do that
implies (whether correctly or not) that an individual represents Mozilla
represents a risk we should balance against the benefit we believe we'll
get from providing @mozilla.org addresses.

-- Mike

L. David Baron

unread,
Oct 29, 2013, 11:54:19 AM10/29/13
to gover...@lists.mozilla.org
On Friday 2013-10-25 19:05 +0300, Nikos Roussos wrote:
> Although I agree in principle with the "why only employees and reps?"
> argument I think we should consider this as a try out phase. See how
> that goes and how we can expand this to all active contributors.
> Hopefully by that time we'll have a way to reliable determine if a
> person is an active contributor.

I'm pretty uncomfortable with the idea of starting with only
employees and reps; I'd like to be able to include non-employee
contributors in areas other than the areas covered by the reps
program (regional events and marketing, as I understand it), and I'm
concerned that temporary things tend to become permanent.

-David

--
𝄞 L. David Baron http://dbaron.org/ 𝄂
𝄢 Mozilla https://www.mozilla.org/ 𝄂
Before I built a wall I'd ask to know
What I was walling in or walling out,
And to whom I was like to give offense.
- Robert Frost, Mending Wall (1914)
signature.asc

Monica Chew

unread,
Oct 29, 2013, 1:12:43 PM10/29/13
to Gervase Markham, mozilla-g...@lists.mozilla.org
> > I should also point out that in the future, it may become very
> > important to be able to distinguish official email from Mozilla as a
> > project, versus someone who is affiliated with Mozilla (as paid staff
> > or not).
>
> Email always comes from a person, it never comes from an organization
> (at least, I hope Mozilla will never even attempt to be that
> impersonal!). I do not think there will be a problem distinguishing
> summit announcements from e.g. IETF contributions (which are always
> individual), even if both come from @mozilla.org email addresses.

We have at least one product that requires email verification flow (Persona) and there's also a payments API (https://wiki.mozilla.org/Apps/ID_and_Payments, https://wiki.mozilla.org/WebAPI/WebPayment). The email verification flow already involves mail that is from a service, not from a person. I could imagine that the payments API might involve email that's similar. That's not being impersonal -- that's using the communication model that everyone already understands from things like Paypal and bank email notifications.

Besides that issue, I still don't think that foo.com and foo.org addresses still make sense simultaneously for any protocol, including mail. Otherwise, many domains wouldn't redirect from one to the other (including ours), and resolv.conf wouldn't support search directives. We shouldn't try to create a distinction artificially and expect people to understand it.

Thanks,
Monica

Benjamin Kerensa

unread,
Oct 29, 2013, 1:23:54 PM10/29/13
to Gervase Markham, mozilla-g...@lists.mozilla.org
I wanted to add that I had an opportunity to talk to a few staff from the
Portland office who have been following this and they like the idea.

One suggested that all staff and contributors should use @mozilla.org

On Oct 29, 2013 7:05 AM, "Gervase Markham" <ge...@mozilla.org> wrote:
>
> On 25/10/13 18:30, Monica Chew wrote:
> > I think it's a wonderful idea to give Reps and other contributors
> > email addresses. Can I suggest mozillians.org instead of mozilla.org,
> > though? mozilla.org is not sufficiently distinguishable from
> > mozilla.com to avoid confusing paid staff from not, and Mozillian has
> > the benefit of sounding like a person-descriptor.
>
> I think making the distinction between paid staff and volunteers more
> clear is actively an anti-goal.
>
> When this program happens, I would like to see paid staff who qualify
> for @mozilla.org starting to use that email address as their primary
> Mozilla identity. A few of us already do that.
>
> > I should also point out that in the future, it may become very
> > important to be able to distinguish official email from Mozilla as a
> > project, versus someone who is affiliated with Mozilla (as paid staff
> > or not).
>
> Email always comes from a person, it never comes from an organization
> (at least, I hope Mozilla will never even attempt to be that
> impersonal!). I do not think there will be a problem distinguishing
> summit announcements from e.g. IETF contributions (which are always
> individual), even if both come from @mozilla.org email addresses.
>
> Gerv

Rubén Martín

unread,
Oct 29, 2013, 2:59:41 PM10/29/13
to gover...@lists.mozilla.org
El 29/10/13 15:01, Gervase Markham escribió:
> Assuming we use the definition of Mozillian as someone who:
>
> * believes in the mission
> * does something to actively advance it
> * interacts with the Mozilla community
>
> then I think that would be a large mistake.
>
> Having an email address @projectname.org implies, in the open source
> world, that you have a trusted position inside that organization.
> @debian.org is for Debian developers. @apache.org is for Apache
> committers. And so on.
>
> Giving an @mozilla.org email address to all Mozillians (by the above
> definition) would make it a pretty easy thing to get - which would both
> devalue it, and also come with some reputational risk to Mozilla.
I agree because for me, right know at mozillians.org there is a lot of
people I don't consider an active mozillian, it's super easy to get
vouched by anyone.

@mozilla.org accounts should come with a fair use agreement, as commit
access or reps, and should be open to any mozillian (paid, non-paid,
rep, non-rep).

I like the endorse idea, but I think that if Reps Council approving a
double-endorsed mozillian to have an account should be enought. The fair
use agreement should take care of bad behaviors and remove this account
if violated.

So the SOP would be:

* I open a @mozilla.org email resquest and cc two already @mozilla.org
to endorse me.
* Reps Council IT Task force evaluates the request.
* If it's OK, they send me the agreements to sign (probably employees
and reps agreements already cover this fair use policy).
* I sign the agreement and attach it back.
* Reps Council gives the OK to IT to create the account and send me
the details.
signature.asc

Edmund Wong

unread,
Oct 29, 2013, 9:21:14 PM10/29/13
to mozilla-g...@lists.mozilla.org
Hi,

PMJI.

[short]
I've read this thread and I'm getting the impression that '@mozilla.org
for every Mozillian' is something that really shouldn't be happening
no matter how some feel it should. IOW, just give '@mozilla.org' to
Mozilla reps.
[/short]

[long]
There is an idea: '@mozilla.org' to every Mozillian.

Now 'we' need to add a bunch of obstacles and hoops in the way of
attaining that goal.

Rationales for doing the obstacles and hoops:

- (Not quoting anyone here.. just a feeling) "After all, we don't
want rapscallions and bad people ruining Mozilla's reputation."

- We should just limit it to Mozilla Reps and paid staff first.
- just to test the 'waters' and to ensure that there's
infrastructure to scale out (for the possibility of
adding every Mozillian)

"I have a bunch of candies for everyone. But first, you need
to sign a form, and get approval..etc.." Get the idea?
I mean if you have something that you'd like to give to people,
but then find a bunch of rationales for preventing it being
given to 'bad apples', you're just setting up yourself for
churning. I mean. As you increase the # of recipients of
an item, you're bound to give it to someone who really shouldn't
be having it.

My opinion? Just permit Mozilla Reps to have the 'mozilla.org'
email address and be done with it. Paid staff already have
the 'mozilla.com' address so having 'mozilla.org' for them
is just redundant. The infrastructure required isn't as
hefty as for the whole Mozillian group(of course, it also depends
on how the 'mozilla.org' email address works. Is it just an alias,
or a full fledged email address?).

I don't feel any less of being a Mozillian without the 'mozilla.org'
email address. Just as having one doesn't make me more Mozillian.
[/long]

Now as I write this, I wonder if I just made the cut for poster
boy for Mark Twain's quote:

"It is better to remain silent and be thought a fool
than to open one's mouth and remove all doubt."

Edmund

Mike Hoye

unread,
Oct 30, 2013, 9:27:37 AM10/30/13
to gover...@lists.mozilla.org
On 10/29/2013, 11:18 AM, Mike Connor wrote:
> On 2013-10-29 10:14 AM, Gervase Markham wrote:
>> We seed the group with, say, twenty or so people whose status as
>> Mozillians is beyond doubt. We then say that anyone else can be admitted
>> to the group if they are endorsed (I won't say "vouched", as it's
>> confusing!) by two existing members. And if that person is found to have
>> broken a confidence or otherwise behaved in a way which leads to loss of
>> privileges or access, the two people who vouched for them also lose
>> those privileges, for a period of six months. (Hence, tongue-in-cheek,
>> 'Mafia' - "if you cross us, we'll come after you _and_ your parents".)
[...]
> I would support this proposal. It maps well to how we handle other
> forms of trust (commit access, module ownership, etc), which has
> served us well as a project. I share Dirkjan's concern that
> timeliness needs to be considered, however I think that can be dealt
> with through a probationary period (maybe a year) after which vouchers
> wouldn't pay a penalty.

I support Gerv's proposal as well, for reasons that may be only
semantically different from Connor's that I'm going to elaborate anyway:
that it meets a minimalist expression of our immediate needs, that it's
built on people trusting people rather than on an elaborate policy, and
that by virtue of that we'll be able to ship a viable implementation
quickly without much administrative overhead.

Move quickly, trust our people, minimum viable everything.

- mhoye

Gervase Markham

unread,
Oct 30, 2013, 10:10:45 AM10/30/13
to David Ascher, Dirkjan Ochtman
On 29/10/13 15:15, David Ascher wrote:
>>> My contention is that these two groups could be the same group.
>
> The first is an ACL restriction among many. It’s not clear to me why
> we want to prioritize one permission (‘hear some kinds of news’)
> above ‘access to VPN’, ‘access to the t-shirt database’, ‘access to
> …’.

Working out a trusted set of people for a discussion is a _social_
problem. Yes, technically, it's a permissions bit somewhere, but the
difficult problem is deciding who gets it.

The other things you list are much more prosaic and there are more
obvious criteria for deciding who gets access to the t-shirt database
(people who need to know in order for t-shirts to be shipped, and no-one
else) than deciding who gets to take part in confidential discussions in
a project which strives for openness but sometimes has to be non-public
about some things.

> My counter-contention is we’re more agile and impactful if we’re
> willing to be generous w/ the latter while correct with the former.
>
> As a thought experiment, I’d be +1 on giving jwz a mozilla.org email
> address, but I doubt he should be in the former ACL group (until such
> time as he chooses to get more involved).

If we decide @mozilla.org email addresses are for life, then I'd be
happy with the exit criteria for the two groups being different. But it
still makes sense to me to unify the entry criteria.

However, that sense fundamentally rests on my belief that we should give
@mozilla.org email addresses to trusted people. If the consensus is we
should be more generous than that, then yes, the criteria will need to
be different.

Gerv

Majken Connor

unread,
Oct 30, 2013, 1:50:36 PM10/30/13
to Gervase Markham, Dirkjan Ochtman, mozilla-g...@lists.mozilla.org, David Ascher
I think something to keep in mind is that we don't have to find THE 20
people who are best for this group, we simply need to find A set of 20
people who fit the criteria and who are willing to plow through a whole
bunch of these requests. So we are definitely not saying that these 20
people are the most Mozillian of all Mozillians, but that they are
qualified to handle this task. They should be distributed between regions
and teams as much as possible to make sure the trust spreads as evenly as
possible through Mozilla and doesn't bias for eg North American developers.

I also want to suggest maybe there needs to be a time period before a
person can vouch for new members? I think this is also normal in this type
of trust system and it also minimizes the damage to the trust structure if
someone makes it through by mistake.

Maybe Gerv could start an etherpad to track the proposal and proposals for
the proposal? ;)

Or looping back we seem to be throwing out some of the work mrz and Reps
have done, should we ask those people who already did this work to alter
their proposal to reflect what's been discussed here?


On Wed, Oct 30, 2013 at 10:10 AM, Gervase Markham <ge...@mozilla.org> wrote:

> On 29/10/13 15:15, David Ascher wrote:
> >>> My contention is that these two groups could be the same group.
> >
> > The first is an ACL restriction among many. It’s not clear to me why
> > we want to prioritize one permission (‘hear some kinds of news’)
> > above ‘access to VPN’, ‘access to the t-shirt database’, ‘access to
> > …’.
>
> Working out a trusted set of people for a discussion is a _social_
> problem. Yes, technically, it's a permissions bit somewhere, but the
> difficult problem is deciding who gets it.
>
> The other things you list are much more prosaic and there are more
> obvious criteria for deciding who gets access to the t-shirt database
> (people who need to know in order for t-shirts to be shipped, and no-one
> else) than deciding who gets to take part in confidential discussions in
> a project which strives for openness but sometimes has to be non-public
> about some things.
>
> > My counter-contention is we’re more agile and impactful if we’re
> > willing to be generous w/ the latter while correct with the former.
> >
> > As a thought experiment, I’d be +1 on giving jwz a mozilla.org email
> > address, but I doubt he should be in the former ACL group (until such
> > time as he chooses to get more involved).
>
> If we decide @mozilla.org email addresses are for life, then I'd be
> happy with the exit criteria for the two groups being different. But it
> still makes sense to me to unify the entry criteria.
>
> However, that sense fundamentally rests on my belief that we should give
> @mozilla.org email addresses to trusted people. If the consensus is we
> should be more generous than that, then yes, the criteria will need to
> be different.
>
> Gerv
>

Dirkjan Ochtman

unread,
Oct 30, 2013, 3:08:02 PM10/30/13
to Majken Connor, mozilla-g...@lists.mozilla.org, Gervase Markham, David Ascher
On Wed, Oct 30, 2013 at 6:50 PM, Majken Connor <maj...@gmail.com> wrote:
> I also want to suggest maybe there needs to be a time period before a person
> can vouch for new members? I think this is also normal in this type of trust
> system and it also minimizes the damage to the trust structure if someone
> makes it through by mistake.

Yes, though maybe not while the initial seeding is going on?

Cheers,

Dirkjan

Mike Connor

unread,
Oct 30, 2013, 3:18:40 PM10/30/13
to Dirkjan Ochtman, Majken Connor, Gervase Markham, mozilla-g...@lists.mozilla.org, David Ascher
I don't think it'd hurt us too much to have this roll out slowly, rather
than have hundreds of account requests pour in over the first week.

-- Mike

Gervase Markham

unread,
Nov 1, 2013, 12:49:32 PM11/1/13
to Dirkjan Ochtman
On 29/10/13 15:05, Dirkjan Ochtman wrote:
> I understand the need to do downsides, but this seems like a very
> harsh penalty. It would be easy to vouch for someone at some point,
> and at some point 5 years in the future, that someone does something
> bad and gets banned. Is it still fair for the original vouching person
> to be penalized for that?

Good point. Perhaps the connection should expire after a year.

> It seems like timeliness of the vouching must play a role here. The
> scheme I just came up with is, once you get 2 people to vouch for you,
> you get 4 points to vouch with for others (i.e. limiting the amount of
> vouches you can give out, adding some cost to vouching). But, vouches
> deteriorate over time, so after, say, a year, your 2 initial vouches
> are worth less than 1.0, and your access gets revoked unless you find
> some people to vouch for you again. Since people may migrate to
> different areas of the community, it may make sense to have other
> people vouch for you this time compared to last time.

That seems more complex than the above suggestion. Do you think simply
disconnecting voucher and vouchee after a year (i.e. after that, you
stand on your own two feet) would work?

Gerv


Gervase Markham

unread,
Nov 1, 2013, 12:51:11 PM11/1/13
to mozilla-g...@lists.mozilla.org
On 30/10/13 17:50, Majken Connor wrote:
> I think something to keep in mind is that we don't have to find THE 20
> people who are best for this group,

Right.

> I also want to suggest maybe there needs to be a time period before a
> person can vouch for new members? I think this is also normal in this type
> of trust system and it also minimizes the damage to the trust structure if
> someone makes it through by mistake.

Nice idea. Although that would slow down the initial seeding. What sort
of time period do you think would be appropriate?

> Maybe Gerv could start an etherpad to track the proposal and proposals for
> the proposal? ;)

Good idea. I will do that when I get to work on Monday.

> Or looping back we seem to be throwing out some of the work mrz and Reps
> have done, should we ask those people who already did this work to alter
> their proposal to reflect what's been discussed here?

I'm sure they are reading :-) I think it makes sense to come up with a
concrete counter-proposal, and then we can discuss its merits.

Gerv


Benjamin Kerensa

unread,
Nov 1, 2013, 12:59:05 PM11/1/13
to Gervase Markham, Dirkjan Ochtman, mozilla-g...@lists.mozilla.org
On Fri, Nov 1, 2013 at 9:49 AM, Gervase Markham <ge...@mozilla.org> wrote:

> On 29/10/13 15:05, Dirkjan Ochtman wrote:
> > I understand the need to do downsides, but this seems like a very
> > harsh penalty. It would be easy to vouch for someone at some point,
> > and at some point 5 years in the future, that someone does something
> > bad and gets banned. Is it still fair for the original vouching person
> > to be penalized for that?
>
> Good point. Perhaps the connection should expire after a year.
>

My suggestion would be to follow Ubuntu's foot steps by expiring annually
but allowing people to renew in Mozillians.org. In Ubuntu we have
"Membership" and each year it expires but you can login to Launchpad and
tick to renew for another year. This should be easy to add as a feature to
Mozillians.org

Maybe add a e-mail group or something with auto-expiring membership heck it
might make sense to offer a auto-expiration feature for all groups on
Mozillians.org to ensure only active contributors are in groups?


>
> > It seems like timeliness of the vouching must play a role here. The
> > scheme I just came up with is, once you get 2 people to vouch for you,
> > you get 4 points to vouch with for others (i.e. limiting the amount of
> > vouches you can give out, adding some cost to vouching). But, vouches
> > deteriorate over time, so after, say, a year, your 2 initial vouches
> > are worth less than 1.0, and your access gets revoked unless you find
> > some people to vouch for you again. Since people may migrate to
> > different areas of the community, it may make sense to have other
> > people vouch for you this time compared to last time.
>
> That seems more complex than the above suggestion. Do you think simply
> disconnecting voucher and vouchee after a year (i.e. after that, you
> stand on your own two feet) would work?
>
> Gerv
>
>
>
All this vouching seems simply like adding trivial work for others. I
suggest we create a group on Mozillians.org and add a auto-expire feature
and renew membership feature to the platform that all group admins can
choose to enable.

People wanting a e-mail can join the group and it will be administered by
the POC for adding email accounts. In order to join the group a Mozillian
much have been vouched.



--
Benjamin Kerensa
Mozilla Rep
http://mozillausa.org

Gervase Markham

unread,
Nov 1, 2013, 1:07:02 PM11/1/13
to mozilla-g...@lists.mozilla.org
On 01/11/13 16:59, Benjamin Kerensa wrote:
> All this vouching seems simply like adding trivial work for others. I
> suggest we create a group on Mozillians.org and add a auto-expire feature
> and renew membership feature to the platform that all group admins can
> choose to enable.
>
> People wanting a e-mail can join the group and it will be administered by
> the POC for adding email accounts. In order to join the group a Mozillian
> much have been vouched.

This last sentence is precisely what we are all discussing :-)

There is a body of opinion which feels that "being vouched" in the
current mozillians.org is too low a bar for getting an @mozilla.org
email address, given the reputational risk that giving them out
represents to Mozilla. If you think otherwise, then make your case - but
at the moment, you seem to be treating "who can get one" as a minor
detail to be tacked on to the end of a detailed exposition of how to
administer it. Whereas, who can get one is actually the big question :-)
The technical implementation is the trivial bit.

Gerv

Majken Connor

unread,
Nov 1, 2013, 1:34:26 PM11/1/13
to Gervase Markham, mozilla-g...@lists.mozilla.org
Benjamin,

I agree it's a sort of busy-work, but I'm sure it will happen faster than
adding a feature into Mozillians.

I don't think we should be worried about initial seeding being slow. Slow
is good, it lets us see if our plan had blind spots. Things take a LOT more
time to get into motion than it seems. Think about how long we've been
talking about giving out email addresses to community. If doing it right
means it'll take another 6 months before it's properly seeded and accounts
are getting into people's hands I think that's a much better outcome than
doing it quick and dirty and it being a failure.

Case in point, Mozillians was supposed to have this trust structure and it
was too easy to establish trust (one vouch, you can vouch right away). Now
we have to reinvent the wheel. Not necessarily a bad thing, I think it's ok
that Mozillians has turned out this way, but I don't think that was the
original intent.


On Fri, Nov 1, 2013 at 1:07 PM, Gervase Markham <ge...@mozilla.org> wrote:

> On 01/11/13 16:59, Benjamin Kerensa wrote:
> > All this vouching seems simply like adding trivial work for others. I
> > suggest we create a group on Mozillians.org and add a auto-expire feature
> > and renew membership feature to the platform that all group admins can
> > choose to enable.
> >
> > People wanting a e-mail can join the group and it will be administered by
> > the POC for adding email accounts. In order to join the group a Mozillian
> > much have been vouched.
>
> This last sentence is precisely what we are all discussing :-)
>
> There is a body of opinion which feels that "being vouched" in the
> current mozillians.org is too low a bar for getting an @mozilla.org
> email address, given the reputational risk that giving them out
> represents to Mozilla. If you think otherwise, then make your case - but
> at the moment, you seem to be treating "who can get one" as a minor
> detail to be tacked on to the end of a detailed exposition of how to
> administer it. Whereas, who can get one is actually the big question :-)
> The technical implementation is the trivial bit.
>
> Gerv

Benjamin Kerensa

unread,
Nov 1, 2013, 6:39:49 PM11/1/13
to Gervase Markham, mozilla-g...@lists.mozilla.org
On Fri, Nov 1, 2013 at 10:07 AM, Gervase Markham <ge...@mozilla.org> wrote:

> On 01/11/13 16:59, Benjamin Kerensa wrote:
> > All this vouching seems simply like adding trivial work for others. I
> > suggest we create a group on Mozillians.org and add a auto-expire feature
> > and renew membership feature to the platform that all group admins can
> > choose to enable.
> >
> > People wanting a e-mail can join the group and it will be administered by
> > the POC for adding email accounts. In order to join the group a Mozillian
> > much have been vouched.
>
> This last sentence is precisely what we are all discussing :-)
>
> There is a body of opinion which feels that "being vouched" in the
> current mozillians.org is too low a bar for getting an @mozilla.org
> email address, given the reputational risk that giving them out
> represents to Mozilla. If you think otherwise, then make your case - but
> at the moment, you seem to be treating "who can get one" as a minor
> detail to be tacked on to the end of a detailed exposition of how to
> administer it. Whereas, who can get one is actually the big question :-)
> The technical implementation is the trivial bit.
>
> Gerv
>
>

I do think otherwise and although I'm not sure if my case is convincing but
in my honest opinion if folks think vouching being enough is the bar being
set to low well then perhaps we set the bar to low for people being
deserving of a vouch.

To me vouching is more than just signaling someone has made a contribution
to Mozilla but that they have made a sustaining contributions and deserve
the trust of the community and project.

Vouch
*v.* *vouched*, *vouch·ing*, *vouch·es*
*1. * To give personal assurances; give a guarantee: vouch for an old
friend's trustworthiness.

When people vouch someone they are guaranteeing that the person is
trustworthy and a sustained good contributor IMHO.

:mrz

unread,
Nov 2, 2013, 1:33:55 AM11/2/13