1 |
On 18-06-20 10:16:01, Michał Górny wrote: |
2 |
> Hello, everyone. |
3 |
> |
4 |
> I'd like to revive the topic of requiring date-of-birth for developers. |
5 |
> Currently, we 'require' this date in developer applications and store it |
6 |
> in our LDAP (it's not public). However, I'm not aware of any good |
7 |
> justification for collecting this kind of personal information. |
8 |
> |
9 |
> The Trustees are apparently 'researching' the topic since at least |
10 |
> Feb 2017 [1], and haven't reached anything yet [2]. In the meantime, |
11 |
> applicants are asked to provide their DoB with no clear explanation why |
12 |
> they need to do that or how it's going to be used (the last part of dev |
13 |
> quiz [3]). |
14 |
> |
15 |
> So unless someone can provide *a really good reason* to request this |
16 |
> kind of information, I'd like to propose that we remove the question |
17 |
> from the developer quiz, and remove collected birthday dates from LDAP. |
18 |
> |
19 |
> What do you think? |
20 |
> |
21 |
> [1]:https://wiki.gentoo.org/wiki/Foundation:Meetings/2017/02#prometheanfire |
22 |
> [2]:https://wiki.gentoo.org/wiki/Foundation:Meetings/2018/06#alicef |
23 |
> [3]:https://projects.gentoo.org/comrel/recruiters/quizzes/developer-quiz.txt |
24 |
> |
25 |
|
26 |
This is my intrepretation / rememberance of events. |
27 |
|
28 |
So, what originally brought this up was that the copyright assignment |
29 |
currently done is essensially a legal agreement. In order for it to be |
30 |
legal we would like to verify that both parties are ABLE to enter into a |
31 |
legal agreement. We discussed assertation of that ability and I think |
32 |
we were happy with that. At that point the proposal of the FLA came up |
33 |
and has since stalled us in rendering a final decision. The reason for |
34 |
the stall is that we'd prefer to use the FLA as guideance for |
35 |
verification requirements. |
36 |
|
37 |
So, at this point we still record the date of birth. I don't think that |
38 |
is needed. Just the verification is needed (and even that is |
39 |
questionable in the strict sense). I think changing this to record the |
40 |
result of the verification and preferably the method (ID checked, |
41 |
assertation, etc) would be sufficient. It'd also lessen our storage of |
42 |
personal data (which is good from a 'less PII is better' and GDPR |
43 |
perspective). |
44 |
|
45 |
-- |
46 |
Matthew Thode (prometheanfire) |