Breeding, Marshall wrote:
If you believe that being listed in a directory or wiki of any sort is dangerous, then you are relying on security through obscurity, with is no real security at all.
I'm not sure I can convey this any more clearly: I am not arguing against all listing (although I believe it should be a matter of choice), but I am arguing against listing details which can be used for fraudulent authentication. I even put that bit in bold in the last email, so I'm surprised anyone's missing it still. It feels a bit like wilful misunderstanding for the sake of an argument. Would someone like to try calling up libraries from lib-web-cats, pretending to be from their provider and see if they can get a staff login? I'm hoping public-sector libraries will have some protocol defence, as they should expect to work under freedom of information, but there's plenty more in there. I think library staff might be better at choosing the right words to convince other library staff...
I believe that libraries have vital interests in having users find them on the Web. [...]
I'm pretty sceptical that many users find libraries through lib-web-cats.
also in the interest of persons who work in libraries to know the automation systems used by their peers so that they can make well-informed decisions regarding technology strategies.
I'm not so sure about that (I've met peer-use requirements in procurement and that's a barrier to innovation) but basically the more information the more easily the better. I really don't think lib-web-cats is a viable alternative to a popcon, especially as it currently stands. It includes too much of some data and not enough of others and the terms are non-FOSS.
I've put in thousands of hours of work on lib-web-cats since it was initially created in 1995 and launched on the Web in 1977. The views of one individual should not undermine this project.
(I'm assuming that's a typing error, rather than time travel. ;-) ) Not undermine, but maybe convince you to fix it. So you've put in thousands of hours: what's going to happen when you're no longer able to? Will it stagnate and die, like so many other web projects I've seen since I started in 1994? That'll be tragic.
It's not helpful to try to convince libraries that they should isolate themselves on the Web.
Which isn't what I'm trying to do. I'm saying don't expect everyone to stand naked in the wrong neighbourhood.
That, to me, contradicts the spirit of engagement that is vital to the mission of libraries today. And that is my key interest.
I'm suggesting connecting more libraries to the project and yet I'm against "the spirit of engagement" because I don't want it done through lib-web-cats? Wow. Really. Wow.
[...] I get a sense from the discussions on IRC that at least some think I'm against the project in some way, which is not the case.
So hopefully non-Koha libraries won't be listed as Koha, and Product and Provider will be split in the near future. ;-) After all, Koha's only had multiple providers for about a decade, so it'd be nice to see FOSS ILSes fit in lib-web-cats properly, instead of being shoehorned through proprietary ILS concepts. Hope that explains, -- MJ Ray (slef), member of www.software.coop, a for-more-than-profit co-op. http://koha-community.org supporter, web and LMS developer, statistician. In My Opinion Only: see http://mjr.towers.org.uk/email.html Available for hire for Koha work http://www.software.coop/products/koha