[Koha-devel] Test Request

Jared Camins-Esakov jcamins at cpbibliography.com
Tue Sep 24 19:53:21 CEST 2013 

Galen,

And this, ultimately, is what makes me nervous about this proposal -- it's
> one thing for an academic library to inadvertently reveal confidential
> bibliographic records.  That may cause annoyance, it may anger donors of
> materials in an archival collection, it may at a stretch cost somebody a
> job -- but the consequences do not reach to the level of affecting
> somebody's safety or freedom of movement.
>
> Whether or not the patch passes QA and my review on the technical merits
> and gets pushed for 3.14 or any future release, I /strongly/ encourage you
> to consider that air-gap security [1] may better protect the users in
> question than any possible implementation in Koha, which simply is not
> design as a high-security application.
>

I would like to second this. Unless you are prepared to make That Phone
Call, if you truly believe that inadvertently exposing bibliographic
records to the wrong person could have serious consequences, MAKE SURE IT
IS IMPOSSIBLE. If there's no possibility of error, there is no danger of
the error happening at the worst possible moment. Books are precious, but
people are infinitely more so.

Also, I would not put much reliance on the fact that there is not currently
any violence around the libraries in question. That sort of thing changes
quickly. If you really need an example, I can share one.

Obviously one of the strengths of open source software is you can do
whatever you want with it, even putting the code in question into
production if it fails the QA process, but please, Please, PLEASE consider
very seriously whether this would best serve your users.

Regards,
Jared

-- 
Jared Camins-Esakov
Bibliographer, C & P Bibliography Services, LLC
(phone) +1 (917) 727-3445
(e-mail) jcamins at cpbibliography.com
(web) http://www.cpbibliography.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.koha-community.org/pipermail/koha-devel/attachments/20130924/41c78845/attachment-0001.html>

More information about the Koha-devel mailing list