1 |
On 06/20/2018 12:52 PM, Rich Freeman wrote: |
2 |
> On Wed, Jun 20, 2018 at 4:32 AM Michał Górny <mgorny@g.o> wrote: |
3 |
>> |
4 |
>> Please tell me, how many times did we have to disambiguate two |
5 |
>> developers using the same name? Even if we ever have to do that, do you |
6 |
>> really think we'd use one's birthday all over the place? |
7 |
> |
8 |
> Even if we've had two people from the same location with the same |
9 |
> name, WHY would we ever have to use their date of birth to identify |
10 |
> them? We already have their nicks which is what we use internally, |
11 |
> and those are always unique. |
12 |
|
13 |
One morbid example would be someone getting a stone in the back of their |
14 |
head, at which point the nick will likely not help much... But the |
15 |
underlying need is likely to arise more due to other circumstances for |
16 |
needing to contact, say a retired dev needs to provide evidence in a |
17 |
copyright case and we need to track them down to get said statement. |
18 |
|
19 |
> |
20 |
> And if we DID have to identify a specific individual legally, then why |
21 |
> aren't we collecting government ID numbers, which actually do the job |
22 |
> a LOT better than DOB? |
23 |
|
24 |
Storing those would require much higher security than a simple DOB |
25 |
|
26 |
> |
27 |
> As far as I'm aware, under most privacy laws and policies I've seen, |
28 |
> name+DOB is just as sensitive as a government ID number. If |
29 |
> collecting the latter makes you recoil in horror, then you should be |
30 |
> just as concerned about DOB collection. |
31 |
|
32 |
I'm not, but views of truestees might differ on that; we have reasons to |
33 |
collect it, it is part of recruiting process known to developer, so the |
34 |
legal matter wouldn't be on the collecting part but the storage part, |
35 |
and here they differ quite a lot in practice (although it shouldn't as |
36 |
even SSN is just a Primary Key in theory). |
37 |
|
38 |
|
39 |
> Just ask put on the dev application a certification that they are |
40 |
> legally allowed to sign agreements. That depends on more than just |
41 |
> age anyway. |
42 |
|
43 |
The latter is an interesting point. |
44 |
|
45 |
> |
46 |
> Could somebody lie? Sure, just as they can lie today about their DOB. |
47 |
|
48 |
I'm not too concerned about misrepresentation, there are other ways to |
49 |
pursue that, but at least there is an element of CYA. |
50 |
|
51 |
> |
52 |
> This is just reasonable care. I don't think there is any expectation |
53 |
> by anybody that we have a higher level of certainty that our |
54 |
> developers are able to sign things (DCOs or otherwise - which are also |
55 |
> just reasonable care, unless we intend to start doing in-depth reviews |
56 |
> of every commit). |
57 |
> |
58 |
> If we did need a higher level of certainty, then just asking for DOB |
59 |
> won't cut it. We'd need to verify IDs, take at least some level of |
60 |
> care that they aren't mentally incapacitated, and know the local age |
61 |
> of being able to sign such agreements. |
62 |
|
63 |
Indeed |
64 |
|
65 |
> |
66 |
> I think we need to take a step back and consider the threat model |
67 |
> here. What is the threat we need to protect against? Is collecting |
68 |
> DOB an effective but least-intrusive way of mitigating that threat? |
69 |
> |
70 |
|
71 |
This is always a good question, discussions are always helpful to |
72 |
determine that. |
73 |
|
74 |
-- |
75 |
Kristian Fiskerstrand |
76 |
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net |
77 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |