| 1 |
On 07/02/19 07:57, Rich Freeman wrote: |
| 2 |
> On Tue, Jul 2, 2019 at 12:24 AM desultory <desultory@g.o> wrote: |
| 3 |
>> |
| 4 |
>> On 07/01/19 07:59, Rich Freeman wrote: |
| 5 |
>>> On Mon, Jul 1, 2019 at 1:02 AM desultory <desultory@g.o> wrote: |
| 6 |
>>>> |
| 7 |
>>>> publishing PII purely on the basis of disciplinary |
| 8 |
>>>> considerations could be quite reasonably considered to be an outrageous |
| 9 |
>>>> overreach. There are reasons that "doxing" is generally considered to be |
| 10 |
>>>> rather reprehensible. |
| 11 |
>>> |
| 12 |
>>> It obviously is reprehensible. However, nobody is suggesting |
| 13 |
>>> publishing PII for any reason, and I have no idea where this idea even |
| 14 |
>>> came from. |
| 15 |
>>> |
| 16 |
>> How, exactly, is a requirement to provide and publish "legal name as a |
| 17 |
>> natural person, i.e., the name that would appear in a government issued |
| 18 |
>> document" [GLEP76] not a requirement to publish persona data [PII]? |
| 19 |
> |
| 20 |
> It isn't an issue if the person involved publishes itself and Gentoo |
| 21 |
> is merely the medium, IMO. |
| 22 |
> |
| 23 |
In effect, so long as you can get some people to do it, the rest don't |
| 24 |
matter. Is that really such a good stance for an organization which is |
| 25 |
chronically in search of additional volunteers? |
| 26 |
|
| 27 |
>>> Furthermore, I do not think that Gentoo should be collecting PII under |
| 28 |
>>> conditions of confidentiality for any reason in the first place. Nor |
| 29 |
>>> should we be doing any activities that require us to do so, such as |
| 30 |
>>> accepting money from people, or paying people. IMO we do not have the |
| 31 |
>>> demonstrated ability to do this in a safe and compliant manner, and we |
| 32 |
>>> have a history of not performing legally-required activities in a |
| 33 |
>>> compliant manner. |
| 34 |
>>> |
| 35 |
>> Too late, Gentoo has multiple services which collect some form of PII |
| 36 |
>> (e.g. the EU considers an IP address to be, at least potentially, PII), |
| 37 |
>> and retain at least some of that data without publishing it. |
| 38 |
> |
| 39 |
> I said that I don't think that it should be. I never claimed that it wasn't. |
| 40 |
> |
| 41 |
You based your argument on your preference, as opposed to reality. The |
| 42 |
reality is that it does, and that there is no practical way to avoid it |
| 43 |
entirely. Accepting and providing payments are fairly basic operations |
| 44 |
for legal entities to engage in, even if the foundation were to be |
| 45 |
dissolved there would still be financial transactions apropos Gentoo. |
| 46 |
Not to mention that accepting and providing payments are hardly the only |
| 47 |
areas in which PII is exchanged and/or retained. Having a preference |
| 48 |
does not change reality; treating that preference as reality when it is |
| 49 |
counter to reality is, at best, unproductive. |
| 50 |
|
| 51 |
>>> For this reason, I think it would be a big mistake to allow people to |
| 52 |
>>> contribute under pseudonyms under the condition that they reveal their |
| 53 |
>>> real identities to some Gentoo body that would retain this information |
| 54 |
>>> in confidentiality. That would expose Gentoo to a rather large number |
| 55 |
>>> of privacy laws in a large number of places, for IMO little gain. |
| 56 |
>>> |
| 57 |
>> So, under the mistaken premise that Gentoo does not collect or retain |
| 58 |
>> any form of PII you believe that Gentoo should not collect or retain any |
| 59 |
>> PII, correct? |
| 60 |
> |
| 61 |
> I never said that Gentoo doesn't collect PII. I said it shouldn't. |
| 62 |
> And it shouldn't. |
| 63 |
> |
| 64 |
How, exactly, would this work in practice? |
| 65 |
|
| 66 |
>> Knowing that Gentoo does indeed collect and retain some PII, does your |
| 67 |
>> opinion change? |
| 68 |
> |
| 69 |
> No. Obviously whatever PII we do collect needs to be properly |
| 70 |
> protected, just as we ought to be filing taxes and doing various other |
| 71 |
> things that we have trouble doing. |
| 72 |
> |
| 73 |
Are you deliberately implying that Gentoo has systemic problems with |
| 74 |
maintaining user confidentiality where required? If so, why? |
| 75 |
|
| 76 |
> In both cases the problem can simply be avoided by structuring |
| 77 |
> ourselves in a manner that doesn't introduce the burden of compliance. |
| 78 |
> |
| 79 |
Again, you claim that it is a simple matter to restructure services to |
| 80 |
avoid any retention of PII or the need to comply with regulations |
| 81 |
regarding PII, and again, I ask you to detail your simple plan. Or at |
| 82 |
least license the patents to allow Gentoo services to use them. |
| 83 |
|
| 84 |
>> LDAP, though most of that data is now published in some form it is still |
| 85 |
>> by and large a collection of PII. |
| 86 |
> |
| 87 |
> We should not collect non-public PII in LDAP. There is no harm in |
| 88 |
> allowing individuals to freely list their names/locations/etc if they |
| 89 |
> wish, but we shouldn't have anything in the database, other than |
| 90 |
> passwords or similar credentials, which isn't just published on the |
| 91 |
> website. Hence there should be nothing to steal (well, other than |
| 92 |
> passwords, and those are useless after they are changed). |
| 93 |
> |
| 94 |
Again, you state your preferences as though they take precedence over |
| 95 |
reality, while handwaving away any practical considerations, this is not |
| 96 |
productive. |
| 97 |
|
| 98 |
Passwords are often considered high value targets for data theft, even |
| 99 |
if they "are useless after they are changed". You are familiar with the |
| 100 |
common practice of password reuse, aren't you? It is highly deprecated, |
| 101 |
and with good reason, but still quite common. |
| 102 |
|
| 103 |
> As I understand it we've already been pushing to eliminate much of the |
| 104 |
> PII from LDAP as it is - I'm curious as to what still remains that |
| 105 |
> would be of concern. In particular I believe the birthdate field was |
| 106 |
> dropped some time ago. Much of the rest gets published in the |
| 107 |
> directory/etc and so it isn't anything that isn't open to see. |
| 108 |
> |
| 109 |
As I noted, and you even included in your quotation, most of the data is |
| 110 |
public but not all. Given that this is a public mailing list, I will |
| 111 |
leave my description of what unpublished PII is present on LDAP as: |
| 112 |
things which are not typically high value for theft, but still |
| 113 |
technically PII. |
| 114 |
|
| 115 |
>>> None of this is intended as some kind of attack on Trustees/Infra/etc. |
| 116 |
>>> They're volunteers doing the best they can do without pay, and |
| 117 |
>>> generally trying to clean up after a long period of neglect. It is |
| 118 |
>>> simply a fact that if you have nothing to steal, then it is impossible |
| 119 |
>>> to steal it, and no effort is required to protect it. |
| 120 |
>> |
| 121 |
>> Believing that you have nothing worth stealing is no defense against |
| 122 |
>> those who believe that you do and intend to take it. |
| 123 |
> |
| 124 |
> I never claimed that we should shield ourselves with "belief." I said |
| 125 |
> we shouldn't have anything to steal in the first place. |
| 126 |
> |
| 127 |
In that case, you are advocating for having no: passwords, password |
| 128 |
hashes, private e-mail (including security related correspondence), no |
| 129 |
encryption keys, no signing keys, no pre-release code, no closed source |
| 130 |
code, no code not meant for release for any reason at all, no |
| 131 |
confidential data at all, and probably other things that I neglected to |
| 132 |
list. In short, there would need to be an abolition of all services |
| 133 |
which were at all secured just to start with complying with your |
| 134 |
preferences. Dissolving Gentoo as a functional entity to satisfy your |
| 135 |
preferences with regard to the state of Gentoo seems like it would be |
| 136 |
rather counterproductive. |
| 137 |
|
| 138 |
> Sure, that won't stop people from trying. It will definitely stop |
| 139 |
> them from succeeding. |
| 140 |
> |
| 141 |
While we can both agree that you cannot steal something which does not |
| 142 |
exist, you also cannot use it. By your rationale, I appear to be under |
| 143 |
the grossly mistaken impression that we are here to make something |
| 144 |
useful and make that available to ourselves and others to use by means |
| 145 |
of maintaining basic infrastructure by which it is maintained and |
| 146 |
supported in addition to the maintenance of the thing itself. Pardon me |
| 147 |
while I retain, and even attempt to spread, my delusions. |
Archives