| 1 |
On 18-06-20 10:16:01, Michał Górny wrote: |
| 2 |
> Hello, everyone. |
| 3 |
> |
| 4 |
> I'd like to revive the topic of requiring date-of-birth for developers. |
| 5 |
> Currently, we 'require' this date in developer applications and store it |
| 6 |
> in our LDAP (it's not public). However, I'm not aware of any good |
| 7 |
> justification for collecting this kind of personal information. |
| 8 |
> |
| 9 |
> The Trustees are apparently 'researching' the topic since at least |
| 10 |
> Feb 2017 [1], and haven't reached anything yet [2]. In the meantime, |
| 11 |
> applicants are asked to provide their DoB with no clear explanation why |
| 12 |
> they need to do that or how it's going to be used (the last part of dev |
| 13 |
> quiz [3]). |
| 14 |
> |
| 15 |
> So unless someone can provide *a really good reason* to request this |
| 16 |
> kind of information, I'd like to propose that we remove the question |
| 17 |
> from the developer quiz, and remove collected birthday dates from LDAP. |
| 18 |
> |
| 19 |
> What do you think? |
| 20 |
> |
| 21 |
> [1]:https://wiki.gentoo.org/wiki/Foundation:Meetings/2017/02#prometheanfire |
| 22 |
> [2]:https://wiki.gentoo.org/wiki/Foundation:Meetings/2018/06#alicef |
| 23 |
> [3]:https://projects.gentoo.org/comrel/recruiters/quizzes/developer-quiz.txt |
| 24 |
> |
| 25 |
|
| 26 |
This is my intrepretation / rememberance of events. |
| 27 |
|
| 28 |
So, what originally brought this up was that the copyright assignment |
| 29 |
currently done is essensially a legal agreement. In order for it to be |
| 30 |
legal we would like to verify that both parties are ABLE to enter into a |
| 31 |
legal agreement. We discussed assertation of that ability and I think |
| 32 |
we were happy with that. At that point the proposal of the FLA came up |
| 33 |
and has since stalled us in rendering a final decision. The reason for |
| 34 |
the stall is that we'd prefer to use the FLA as guideance for |
| 35 |
verification requirements. |
| 36 |
|
| 37 |
So, at this point we still record the date of birth. I don't think that |
| 38 |
is needed. Just the verification is needed (and even that is |
| 39 |
questionable in the strict sense). I think changing this to record the |
| 40 |
result of the verification and preferably the method (ID checked, |
| 41 |
assertation, etc) would be sufficient. It'd also lessen our storage of |
| 42 |
personal data (which is good from a 'less PII is better' and GDPR |
| 43 |
perspective). |
| 44 |
|
| 45 |
-- |
| 46 |
Matthew Thode (prometheanfire) |
Archives