On 25/10/13 13:16, Gervase Markham wrote:
> At the moment, a discussion is going on about how we can create a set of
> trusted people who can take part in Mozilla-internal discussions on
> topics that we don't yet want shared with the press. It seems like the
> problem of who gets @mozilla.org
email addresses is a similar problem.
> Perhaps the two could be combined? We need to have a big effort to
> figure out how to define this group, and then give them both the email
> addresses and the internal forum access.
At the Festival, I was encouraged to elaborate on this. I've talked
about my idea elsewhere, but here it is again:
There are now at least two reasons we need to define a subset of
Mozillians who are trusted by the community.
The first is that we want to have a discussion forum where we can talk
about sensitive subjects in a group larger than "employees" but smaller
than "public". We've needed this for ages, and we still need it. And we
need to define who's in and who's out, and how you decide.
The second is that we want to give out @mozilla.org
email addresses to
people who we are confident will not use them to damage Mozilla's
reputation. This is also a trust issue. As we are finding out, we need
to define who's in and who's out, and how you decide.
My contention is that these two groups could be the same group.
In order to define this group well, we need to "encode" existing trust
relationships. Here is my proposal, which I call the 'Mafia' way of
building a trust network.
We seed the group with, say, twenty or so people whose status as
Mozillians is beyond doubt. We then say that anyone else can be admitted
to the group if they are endorsed (I won't say "vouched", as it's
confusing!) by two existing members. And if that person is found to have
broken a confidence or otherwise behaved in a way which leads to loss of
privileges or access, the two people who vouched for them also lose
those privileges, for a period of six months. (Hence, tongue-in-cheek,
'Mafia' - "if you cross us, we'll come after you _and_ your parents".)
This makes endorsing someone an action with real downsides, which is the
only way to ensure that endorsements will be carefully considered, and
people only endorse people they actively trust.
If I vouch for someone in mozillians.org
and they later act highly
inappropriately, nothing bad happens to me. There's no downside to me
simply vouching for anyone who asks, which makes it very easy to get
vouched for. In order to build a real web of trust, we need to change that.