1 |
On Thu, Aug 25, 2011 at 5:20 AM, Rich Freeman <rich0@g.o> wrote: |
2 |
> On Thu, Aug 25, 2011 at 6:48 AM, Roy Bamford <neddyseagoon@g.o> wrote: |
3 |
>> It has to be opt-in as opt out would be a dangerous precendent to set. |
4 |
>> |
5 |
>> I don't see any harm is a gentle reminder message from emerge, provided |
6 |
>> that the reminder can be turned off too, if the user really does not |
7 |
>> want to opt in. Thats no worse than being nagged about unread news. |
8 |
> |
9 |
> I tend to agree, the more I think about it. |
10 |
> |
11 |
> The simplest solution (which doesn't require any portage mods/etc), is |
12 |
> to simply make this a package that installs the appropriate logic in |
13 |
> cron.daily, and we send out a news item encouraging users to install |
14 |
> it voluntarily. If the user does nothing, they don't get the package. |
15 |
> |
16 |
> If somebody can come up with really good reason that we should be more |
17 |
> aggressive in promoting it, then we can promote it more aggressively. |
18 |
> That /might/ go as far as a forced opt-in/out decision. However, the |
19 |
> more I think about it the more I'm concerned with pure opt-out by |
20 |
> default. |
21 |
|
22 |
Why is the thread bikeshedding an out-opt that we aren't even |
23 |
considering doing right now? |
24 |
|
25 |
> |
26 |
> The big issue with opt-out is privacy law - especially in Europe |
27 |
> (that's leaving aside just being up-front with users). We'd end up |
28 |
> having to have EULAs or such and perhaps a number of other legal |
29 |
> controls, and I don't think that is a direction that we want to go in. |
30 |
> I'm just not seeing the upside - better to just figure out good ways |
31 |
> to use data that is easy and safe to obtain first. |
32 |
> |
33 |
> Earlier somebody suggested that this decision wasn't really in the |
34 |
> domain of the Council/Trustees. I'm not sure I agree here - any kind |
35 |
> of opt-out data collection is something that has potential legal |
36 |
> ramifications as well as huge reputation concerns for the distro (the |
37 |
> software is distributed from Foundation-owned hardware utilizing a |
38 |
> Foundation-owned domain name and the data goes back to |
39 |
> Foundation-owned hardware - I'm sure any lawyer could make a case for |
40 |
> this). Just because there isn't a policy written down somewhere |
41 |
> doesn't mean that we can't use common sense. Devs certainly don't |
42 |
> need to run everything past the Council, but if you want to do |
43 |
> something high-profile post it on -dev, and if there is an uproar look |
44 |
> for an official second opinion before doing it. |
45 |
|
46 |
We did post to -dev, hence this thread. The point is that we don't |
47 |
need any 'official opinion' to do anything; and I don't want to set |
48 |
that precedent. If you have specific concerns about actions we plan to |
49 |
take (which by the way, we are not planning an opt-out solution. If we |
50 |
plan to do an opt-out solution, we will again have a thread on -dev) |
51 |
then let us know. If you have specific legal concerns about the |
52 |
application, data retention, encryption, logs, backups, onerous |
53 |
european privacy laws, and other such questions you should raise those |
54 |
concerns now. |
55 |
|
56 |
> |
57 |
> Rich |
58 |
> |
59 |
> |