On 07/02/19 07:57, Rich Freeman wrote:
> On Tue, Jul 2, 2019 at 12:24 AM desultory <desultory@g.o> wrote:
>>
>> On 07/01/19 07:59, Rich Freeman wrote:
>>> On Mon, Jul 1, 2019 at 1:02 AM desultory <desultory@g.o> wrote:
>>>>
>>>> publishing PII purely on the basis of disciplinary
>>>> considerations could be quite reasonably considered to be an outrageous
>>>> overreach. There are reasons that "doxing" is generally considered to be
>>>> rather reprehensible.
>>>
>>> It obviously is reprehensible. However, nobody is suggesting
>>> publishing PII for any reason, and I have no idea where this idea even
>>> came from.
>>>
>> How, exactly, is a requirement to provide and publish "legal name as a
>> natural person, i.e., the name that would appear in a government issued
>> document" [GLEP76] not a requirement to publish personal data [PII]?
>
> It isn't an issue if the person involved publishes itself and Gentoo
> is merely the medium, IMO.
>
In effect, so long as you can get some people to do it, the rest don't
matter. Is that really such a good stance for an organization which is
chronically in search of additional volunteers?
|
>>> Furthermore, I do not think that Gentoo should be collecting PII under
>>> conditions of confidentiality for any reason in the first place. Nor
>>> should we be doing any activities that require us to do so, such as
>>> accepting money from people, or paying people. IMO we do not have the
>>> demonstrated ability to do this in a safe and compliant manner, and we
>>> have a history of not performing legally-required activities in a
>>> compliant manner.
>>>
>> Too late, Gentoo has multiple services which collect some form of PII
>> (e.g. the EU considers an IP address to be, at least potentially, PII),
>> and retain at least some of that data without publishing it.
>
> I said that I don't think that it should be. I never claimed that it wasn't.
>
You based your argument on your preference, as opposed to reality. The
reality is that it does, and that there is no practical way to avoid it
entirely. Accepting and providing payments are fairly basic operations
for legal entities to engage in, even if the foundation were to be
dissolved there would still be financial transactions apropos Gentoo.
Not to mention that accepting and providing payments are hardly the only
areas in which PII is exchanged and/or retained. Having a preference
does not change reality; treating that preference as reality when it is
counter to reality is, at best, unproductive.
|
>>> For this reason, I think it would be a big mistake to allow people to
>>> contribute under pseudonyms under the condition that they reveal their
>>> real identities to some Gentoo body that would retain this information
>>> in confidentiality. That would expose Gentoo to a rather large number
>>> of privacy laws in a large number of places, for IMO little gain.
>>>
>> So, under the mistaken premise that Gentoo does not collect or retain
>> any form of PII you believe that Gentoo should not collect or retain any
>> PII, correct?
>
> I never said that Gentoo doesn't collect PII. I said it shouldn't.
> And it shouldn't.
>
How, exactly, would this work in practice?
|
>> Knowing that Gentoo does indeed collect and retain some PII, does your
>> opinion change?
>
> No. Obviously whatever PII we do collect needs to be properly
> protected, just as we ought to be filing taxes and doing various other
> things that we have trouble doing.
>
Are you deliberately implying that Gentoo has systemic problems with
maintaining user confidentiality where required? If so, why?
|
> In both cases the problem can simply be avoided by structuring
> ourselves in a manner that doesn't introduce the burden of compliance.
>
Again, you claim that it is a simple matter to restructure services to
avoid any retention of PII or the need to comply with regulations
regarding PII, and again, I ask you to detail your simple plan. Or at
least license the patents to allow Gentoo services to use them.
|
>> LDAP, though most of that data is now published in some form it is still
>> by and large a collection of PII.
>
> We should not collect non-public PII in LDAP. There is no harm in
> allowing individuals to freely list their names/locations/etc if they
> wish, but we shouldn't have anything in the database, other than
> passwords or similar credentials, which isn't just published on the
> website. Hence there should be nothing to steal (well, other than
> passwords, and those are useless after they are changed).
>
Again, you state your preferences as though they take precedence over
reality, while handwaving away any practical considerations; this is not
productive.
|
Passwords are often considered high value targets for data theft, even
if they "are useless after they are changed". You are familiar with the
common practice of password reuse, aren't you? It is highly deprecated,
and with good reason, but still quite common.
|
> As I understand it we've already been pushing to eliminate much of the
> PII from LDAP as it is - I'm curious as to what still remains that
> would be of concern. In particular I believe the birthdate field was
> dropped some time ago. Much of the rest gets published in the
> directory/etc and so it isn't anything that isn't open to see.
>
As I noted, and you even included in your quotation, most of the data is
public but not all. Given that this is a public mailing list, I will
leave my description of what unpublished PII is present on LDAP as:
things which are not typically high value for theft, but still
technically PII.
|
>>> None of this is intended as some kind of attack on Trustees/Infra/etc.
>>> They're volunteers doing the best they can do without pay, and
>>> generally trying to clean up after a long period of neglect. It is
>>> simply a fact that if you have nothing to steal, then it is impossible
>>> to steal it, and no effort is required to protect it.
>>
>> Believing that you have nothing worth stealing is no defense against
>> those who believe that you do and intend to take it.
>
> I never claimed that we should shield ourselves with "belief." I said
> we shouldn't have anything to steal in the first place.
>
In that case, you are advocating for having no: passwords, password
hashes, private e-mail (including security related correspondence), no
encryption keys, no signing keys, no pre-release code, no closed source
code, no code not meant for release for any reason at all, no
confidential data at all, and probably other things that I neglected to
list. In short, there would need to be an abolition of all services
which were at all secured just to start with complying with your
preferences. Dissolving Gentoo as a functional entity to satisfy your
preferences with regard to the state of Gentoo seems like it would be
rather counterproductive.
|
> Sure, that won't stop people from trying. It will definitely stop
> them from succeeding.
>
While we can both agree that you cannot steal something which does not
exist, you also cannot use it. By your rationale, I appear to be under
the grossly mistaken impression that we are here to make something
useful and make that available to ourselves and others to use by means
of maintaining basic infrastructure by which it is maintained and
supported in addition to the maintenance of the thing itself. Pardon me
while I retain, and even attempt to spread, my delusions.