| 1 |
On Thu, Aug 25, 2011 at 5:20 AM, Rich Freeman <rich0@g.o> wrote: |
| 2 |
> On Thu, Aug 25, 2011 at 6:48 AM, Roy Bamford <neddyseagoon@g.o> wrote: |
| 3 |
>> It has to be opt-in as opt out would be a dangerous precendent to set. |
| 4 |
>> |
| 5 |
>> I don't see any harm is a gentle reminder message from emerge, provided |
| 6 |
>> that the reminder can be turned off too, if the user really does not |
| 7 |
>> want to opt in. Thats no worse than being nagged about unread news. |
| 8 |
> |
| 9 |
> I tend to agree, the more I think about it. |
| 10 |
> |
| 11 |
> The simplest solution (which doesn't require any portage mods/etc), is |
| 12 |
> to simply make this a package that installs the appropriate logic in |
| 13 |
> cron.daily, and we send out a news item encouraging users to install |
| 14 |
> it voluntarily. If the user does nothing, they don't get the package. |
| 15 |
> |
| 16 |
> If somebody can come up with really good reason that we should be more |
| 17 |
> aggressive in promoting it, then we can promote it more aggressively. |
| 18 |
> That /might/ go as far as a forced opt-in/out decision. However, the |
| 19 |
> more I think about it the more I'm concerned with pure opt-out by |
| 20 |
> default. |
| 21 |
|
| 22 |
Why is the thread bikeshedding an out-opt that we aren't even |
| 23 |
considering doing right now? |
| 24 |
|
| 25 |
> |
| 26 |
> The big issue with opt-out is privacy law - especially in Europe |
| 27 |
> (that's leaving aside just being up-front with users). We'd end up |
| 28 |
> having to have EULAs or such and perhaps a number of other legal |
| 29 |
> controls, and I don't think that is a direction that we want to go in. |
| 30 |
> I'm just not seeing the upside - better to just figure out good ways |
| 31 |
> to use data that is easy and safe to obtain first. |
| 32 |
> |
| 33 |
> Earlier somebody suggested that this decision wasn't really in the |
| 34 |
> domain of the Council/Trustees. I'm not sure I agree here - any kind |
| 35 |
> of opt-out data collection is something that has potential legal |
| 36 |
> ramifications as well as huge reputation concerns for the distro (the |
| 37 |
> software is distributed from Foundation-owned hardware utilizing a |
| 38 |
> Foundation-owned domain name and the data goes back to |
| 39 |
> Foundation-owned hardware - I'm sure any lawyer could make a case for |
| 40 |
> this). Just because there isn't a policy written down somewhere |
| 41 |
> doesn't mean that we can't use common sense. Devs certainly don't |
| 42 |
> need to run everything past the Council, but if you want to do |
| 43 |
> something high-profile post it on -dev, and if there is an uproar look |
| 44 |
> for an official second opinion before doing it. |
| 45 |
|
| 46 |
We did post to -dev, hence this thread. The point is that we don't |
| 47 |
need any 'official opinion' to do anything; and I don't want to set |
| 48 |
that precedent. If you have specific concerns about actions we plan to |
| 49 |
take (which by the way, we are not planning an opt-out solution. If we |
| 50 |
plan to do an opt-out solution, we will again have a thread on -dev) |
| 51 |
then let us know. If you have specific legal concerns about the |
| 52 |
application, data retention, encryption, logs, backups, onerous |
| 53 |
european privacy laws, and other such questions you should raise those |
| 54 |
concerns now. |
| 55 |
|
| 56 |
> |
| 57 |
> Rich |
| 58 |
> |
| 59 |
> |
Archives