1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 25-08-2011 14:35, Alec Warner wrote: |
5 |
> On Thu, Aug 25, 2011 at 5:20 AM, Rich Freeman <rich0@g.o> |
6 |
> wrote: |
7 |
<snip> |
8 |
>> The big issue with opt-out is privacy law - especially in Europe |
9 |
>> (that's leaving aside just being up-front with users). We'd end |
10 |
>> up having to have EULAs or such and perhaps a number of other |
11 |
>> legal controls, and I don't think that is a direction that we want |
12 |
>> to go in. I'm just not seeing the upside - better to just figure |
13 |
>> out good ways to use data that is easy and safe to obtain first. |
14 |
>> |
15 |
>> Earlier somebody suggested that this decision wasn't really in the |
16 |
>> domain of the Council/Trustees. I'm not sure I agree here - any |
17 |
>> kind of opt-out data collection is something that has potential |
18 |
>> legal ramifications as well as huge reputation concerns for the |
19 |
>> distro (the software is distributed from Foundation-owned hardware |
20 |
>> utilizing a Foundation-owned domain name and the data goes back to |
21 |
>> Foundation-owned hardware - I'm sure any lawyer could make a case |
22 |
>> for this). Just because there isn't a policy written down |
23 |
>> somewhere doesn't mean that we can't use common sense. Devs |
24 |
>> certainly don't need to run everything past the Council, but if you |
25 |
>> want to do something high-profile post it on -dev, and if there is |
26 |
>> an uproar look for an official second opinion before doing it. |
27 |
> |
28 |
> We did post to -dev, hence this thread. The point is that we don't |
29 |
> need any 'official opinion' to do anything; and I don't want to set |
30 |
> that precedent. If you have specific concerns about actions we plan |
31 |
> to take (which by the way, we are not planning an opt-out solution. |
32 |
> If we plan to do an opt-out solution, we will again have a thread on |
33 |
> -dev) then let us know. If you have specific legal concerns about |
34 |
> the application, data retention, encryption, logs, backups, onerous |
35 |
> european privacy laws, and other such questions you should raise |
36 |
> those concerns now. |
37 |
|
38 |
I've picked this message as I want to address one point in this thread |
39 |
that was focused on this sub-thread. |
40 |
I disagree with the idea that adding an application to the Gentoo tree |
41 |
that collects data from users and sends it to a central (or distributed) |
42 |
system is the same as adding any other application to the tree. |
43 |
Having the ability to add ebuilds to the tree is part of what you gain |
44 |
by getting gentoo-x86 access. Issues with significant users privacy |
45 |
concerns and substantial changes like adding packages to the tree that |
46 |
collect data from users and compile it, should not be at the discretion |
47 |
of individual developers but be subject of global policies that should |
48 |
take into account the legal ramifications (trustees) and reflect the |
49 |
developers desire and goals (council). |
50 |
|
51 |
- -- |
52 |
Regards, |
53 |
|
54 |
Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org |
55 |
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng |
56 |
-----BEGIN PGP SIGNATURE----- |
57 |
Version: GnuPG v2.0.18 (GNU/Linux) |
58 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
59 |
|
60 |
iQIcBAEBAgAGBQJOVxCXAAoJEC8ZTXQF1qEP7KAQAJBwDHp4aS+5l8gahHUrsWYI |
61 |
0gUpO+qtsFODsKToQa4ZZ9jTZhFvN0iscyApXvgO8FBOnPzFCMiq+LblI/j/cnFK |
62 |
OwVYJ4/tvcc1C1fE1lQecd1kNVlnVLCEvR8NbeKA184ty4kS7cJy2FqAiWbzGGno |
63 |
/zNsQI+iDUg6ZCamCz29EZ5FJgfUzXzG+Ipbh61T0c/Ukugq5xHA8c5zTzoRre2u |
64 |
/fSRMM9qPakmgaHJoV8t+8B0ejJccW/+MquKIyFdDnUDvQH5U/RnXl3D5oe7+0vb |
65 |
Eak3VB5iUrkZifqhpOQMEeAtuNColigPy4oPr6BsQz7t0uiC2M0MHei4cigbN8kn |
66 |
yp4U+RZE4PhJ/+b/U/jnaiidGu8IF+Kdl3DPgCR130N4vbpO8u7KjyphdoL7QZx5 |
67 |
hnc3A5ZxQxraQolKtFnl8Be8P5NvuKdiP192wYmACuCw3W95XVNDtUhc63n++fqo |
68 |
0K9WTEudO+JZN7JYZFSU6OJo5hvujHcQvvIO2sG30Q56x7EfvCRFCzMUsRC8mU0L |
69 |
uSKW+YFHVp1+yCJ9BbnTWp9afPUVQ56/1YtCxLDsqEi0lI7otm0TpuJFIC/fDJ1F |
70 |
Hf9Kqaap9kZzc1WBKuMY0Rvvf8CKf/9bd9QTxT5Fz/tpiNGkU9MTMFPHghDFUP8h |
71 |
773YR/NFapQVLHyqemla |
72 |
=G4Y6 |
73 |
-----END PGP SIGNATURE----- |