| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 25-08-2011 14:35, Alec Warner wrote: |
| 5 |
> On Thu, Aug 25, 2011 at 5:20 AM, Rich Freeman <rich0@g.o> |
| 6 |
> wrote: |
| 7 |
<snip> |
| 8 |
>> The big issue with opt-out is privacy law - especially in Europe |
| 9 |
>> (that's leaving aside just being up-front with users). We'd end |
| 10 |
>> up having to have EULAs or such and perhaps a number of other |
| 11 |
>> legal controls, and I don't think that is a direction that we want |
| 12 |
>> to go in. I'm just not seeing the upside - better to just figure |
| 13 |
>> out good ways to use data that is easy and safe to obtain first. |
| 14 |
>> |
| 15 |
>> Earlier somebody suggested that this decision wasn't really in the |
| 16 |
>> domain of the Council/Trustees. I'm not sure I agree here - any |
| 17 |
>> kind of opt-out data collection is something that has potential |
| 18 |
>> legal ramifications as well as huge reputation concerns for the |
| 19 |
>> distro (the software is distributed from Foundation-owned hardware |
| 20 |
>> utilizing a Foundation-owned domain name and the data goes back to |
| 21 |
>> Foundation-owned hardware - I'm sure any lawyer could make a case |
| 22 |
>> for this). Just because there isn't a policy written down |
| 23 |
>> somewhere doesn't mean that we can't use common sense. Devs |
| 24 |
>> certainly don't need to run everything past the Council, but if you |
| 25 |
>> want to do something high-profile post it on -dev, and if there is |
| 26 |
>> an uproar look for an official second opinion before doing it. |
| 27 |
> |
| 28 |
> We did post to -dev, hence this thread. The point is that we don't |
| 29 |
> need any 'official opinion' to do anything; and I don't want to set |
| 30 |
> that precedent. If you have specific concerns about actions we plan |
| 31 |
> to take (which by the way, we are not planning an opt-out solution. |
| 32 |
> If we plan to do an opt-out solution, we will again have a thread on |
| 33 |
> -dev) then let us know. If you have specific legal concerns about |
| 34 |
> the application, data retention, encryption, logs, backups, onerous |
| 35 |
> european privacy laws, and other such questions you should raise |
| 36 |
> those concerns now. |
| 37 |
|
| 38 |
I've picked this message as I want to address one point in this thread |
| 39 |
that was focused on this sub-thread. |
| 40 |
I disagree with the idea that adding an application to the Gentoo tree |
| 41 |
that collects data from users and sends it to a central (or distributed) |
| 42 |
system is the same as adding any other application to the tree. |
| 43 |
Having the ability to add ebuilds to the tree is part of what you gain |
| 44 |
by getting gentoo-x86 access. Issues with significant users privacy |
| 45 |
concerns and substantial changes like adding packages to the tree that |
| 46 |
collect data from users and compile it, should not be at the discretion |
| 47 |
of individual developers but be subject of global policies that should |
| 48 |
take into account the legal ramifications (trustees) and reflect the |
| 49 |
developers desire and goals (council). |
| 50 |
|
| 51 |
- -- |
| 52 |
Regards, |
| 53 |
|
| 54 |
Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org |
| 55 |
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng |
| 56 |
-----BEGIN PGP SIGNATURE----- |
| 57 |
Version: GnuPG v2.0.18 (GNU/Linux) |
| 58 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 59 |
|
| 60 |
iQIcBAEBAgAGBQJOVxCXAAoJEC8ZTXQF1qEP7KAQAJBwDHp4aS+5l8gahHUrsWYI |
| 61 |
0gUpO+qtsFODsKToQa4ZZ9jTZhFvN0iscyApXvgO8FBOnPzFCMiq+LblI/j/cnFK |
| 62 |
OwVYJ4/tvcc1C1fE1lQecd1kNVlnVLCEvR8NbeKA184ty4kS7cJy2FqAiWbzGGno |
| 63 |
/zNsQI+iDUg6ZCamCz29EZ5FJgfUzXzG+Ipbh61T0c/Ukugq5xHA8c5zTzoRre2u |
| 64 |
/fSRMM9qPakmgaHJoV8t+8B0ejJccW/+MquKIyFdDnUDvQH5U/RnXl3D5oe7+0vb |
| 65 |
Eak3VB5iUrkZifqhpOQMEeAtuNColigPy4oPr6BsQz7t0uiC2M0MHei4cigbN8kn |
| 66 |
yp4U+RZE4PhJ/+b/U/jnaiidGu8IF+Kdl3DPgCR130N4vbpO8u7KjyphdoL7QZx5 |
| 67 |
hnc3A5ZxQxraQolKtFnl8Be8P5NvuKdiP192wYmACuCw3W95XVNDtUhc63n++fqo |
| 68 |
0K9WTEudO+JZN7JYZFSU6OJo5hvujHcQvvIO2sG30Q56x7EfvCRFCzMUsRC8mU0L |
| 69 |
uSKW+YFHVp1+yCJ9BbnTWp9afPUVQ56/1YtCxLDsqEi0lI7otm0TpuJFIC/fDJ1F |
| 70 |
Hf9Kqaap9kZzc1WBKuMY0Rvvf8CKf/9bd9QTxT5Fz/tpiNGkU9MTMFPHghDFUP8h |
| 71 |
773YR/NFapQVLHyqemla |
| 72 |
=G4Y6 |
| 73 |
-----END PGP SIGNATURE----- |
Archives