I understand that it’s impossible to see the edits for the email users, but for all other users, this is really helpful, since all important information goes to the first post and one does not have to read tens of posts below.
Perhaps, for mail users, the editing person could write down what is added.
Current version of the first post
(Got good feedback already, so information from comments responding to this post have been added to this post)
Definition of “security labels”: For this document, I’ll refer to all the types of important security related information that would be good to be known about a qube when making decisions about it as “security labels” (colors will be one way of expressing that information)
What we want to express:
Some information we might need to convey through the security labels is
How vulnerable the qube is (example: expressing that it has full network access, restricted network access (which depends on the level of trust of who you are connecting to),no network access, untrusted printer drivers or not, trust level of the applications in that template, etc)
How valuable the information in the qube is. (a example could be “this qube is used for banking” vs “this qube is used for general web browsing” vs “this qube contains my gpg and ssh keys”) (“value” can be alternatively phrased as how costly disclosure of that information would be)
Identity (examples: personal vs work vs secret identity)
So first question is: What other types of security related information might be good to know about when one is making decisions related to a qube?
To help people get ideas, a example of one attempt at categorization is:
Everything after this line is old stuff from the original version of this post (that should probably be removed now):
Any proposals for extending the qubes label/color system to handle this?
I’ll kick things off with the following initial proposal, and see if it inspires anyone with a better proposal:
(Here I had put a proposal that had already been proposed in the github issues)
As I said. I’m hoping for people to improve on this idea. What other options can people think of?
[quote]
Note: I have updated the original post with information from comments from many users.
I’m game to discuss this. Does someone who knows how want to separate these 3 responses into a separate discussion with a appropriate topic, and we can discuss it there?
First: I’m going to assume that “shouty shout” refers to you trying to convey the idea that your shouting and are passionate about what you are saying. (as the other interpretation does not make any sense)
I had not thought about email only users and was not considering them at the time.
So the question is, is updating the original post really a problem for email users?
I mostly just summarized the information that other people had sent to the channel. So the email users should already have been exposed to this information from when that person commented on it.
So the question is, is updating the original post really a problem for email users?
In general: yes
just summarized the information that other people had sent to the channel.
That would be the one exception then.
This was discussed at length before. The arguments for “edit”:
being able to change spelling errors
being able to remove embarrassing information
“feel ownership” of posts and being able to change your mind
Note: all changes are documented in the history function of the forum anyway, all email users have copies of the original post
Arguments against “edit”:
you should think BEFORE you post
this is how mailing lists work (expectation of existing users who where promised the forum wouldn’t interfere with the way how they interface)
if you change anything other than spelling errors the answers of others might make less sense
it provokes excessive quoting (to preemptively counteract edits after the fact)
Note that many of the most security and privacy focused people use email as it does not require JavaScript and Cookies to interact with the forum.
When you post to the forum a 10 minute timer starts. After those 10 minutes your post gets sent to the email users. Any edit you did before that timeout will be seen in the email. Any edit after the email was sent won’t.
As a common courtesy and as long as it doesn’t make you feel “unsafe” it would be greatly appreciated to post new or changed information as a reply instead of editing the original post.
Nobody is able to think BEFORE they post, because we are all humans (me included)
This is how forums work (expectation of all forum users and one of the features of the forum software)
If you do not trust your users, you should not allow them to post anything at all, because the original post (before the edit) could be misleading for someone, too
being able to change actual (technical) mistakes which would mislead users
Also, currently we have 10 minutes before the posts are sent to the email users, whereas allowed edit time (without permanent history) is only 5 minutes. Why?
Another one (and the one that triggered this discussion): being able to summarize information so that new users reading the topic can get a better overview.
To me this whole thing sounds like a minor issue.
I consider these helpful and non-impactful in any way to email users. Post editing has many advantages and users expect it. If someone changes something, it’s unlikely other users (here on the forum) will ever go back and see the change.
So I have a question: is it so frequent the case where users update their posts with information crucial for the email readability, to justify trumping yet another great usability feature of a web-based forum?
Note: if an email users wants to check out the edited post, they can also visit the website without javascript. It renders appropriately… I would argue this is not convenient, but then again, how often does this happen??
It’s really quite simple: if you want email users (like @unman and myself) to see your posts and respond to them, then make sure they are sent as an email (e.g. by posting your edits as an additional reply).
Context of this thread:
My original post was one saying “i want people to come up with ideas for how we communicate security related information”, and then I added the ideas that people came up with to the original post.
I then added a post saying that I integrated that information into the original post (with the idea that it would notify people who’s ideas i integrated, giving them a chance to argue that the information that I integrated is not what they were actually trying to say)
Then unman replied with “please don’t do this”. unmans reply has been broken out and has become the first post of this thread/page.
What I’m actually saying (now that the context part is done):
If there is a consensus on how we communicate, I’m willing to go with it, but it sounds like it’s not something that will get agreed upon any time soon.
So my personal goal for this thread will be to figure out how to notify appropriate people when finishing a edit like this in the future. When making a edit, if I add the atsign-name of anyone who should be notified, would those people be automatically notified? Would they be automatically emailed a copy of the edit?
If I already knew the answer, I wouldn’t be posting in the first place.
Just curious, would it be possible to implement sending an email 10 minutes after a post was edited?
It seems to me that @Sven clearly explained that your particular case is an exception from this discussion and you should update your first post for the convenience of other users.
How about my above suggestion to use the spoiler instrument?
I guess there is another concern I haven’t mentioned, which is spamming the page with “i updated, i updated, i updated”.
I’m open to that as a solution
I don’t understand how that relates to the words “spoiler instrument”
Maybe a option for the editor to click “save and email” or “just save” (the idea being not to spam for trivial changes)
or maybe a “email to specific list”?
At this point we’re talking about modifying software. If you believe this is useful enough to justify development time, please take it to meta.discourse.org.
To be clear - this has nothing to do with @ddevz, but is a general
problem that has affected mail users.
It seems that a reasonable approach can be adopted which suits all
parties. This should be used across the Forum, (and somehow notified to
all users).
On the specific thread, I can see the updated post quoted in later
email, (as well as the very helpful post by @fslover)
Comparing the edited post with the original, it’s obvious that it goes
well beyond just summarising the information or anything in the
replies. Not a bad thing, but the fact is that email users would not
have seen the pivot in the thread just by reading replies.
It’s not. As Sven said, if users want replies from email users, then
they will have to adopt this mechanism.
It’s ironic that this arises because of the perceived benefit for users
in pulling together a summary rather than having to read through many
posts, but email users were apparently expected to do exactly this.
I don’t see how this is more unenforceable than any other norms on the
Forum, including policing of manners. If the “spoiler” approach is
adopted, then it will be a norm, can be enforced, and will be used.