| 1 |
On Mon, Jul 1, 2019 at 1:02 AM desultory <desultory@g.o> wrote: |
| 2 |
> |
| 3 |
> publishing PII purely on the basis of disciplinary |
| 4 |
> considerations could be quite reasonably considered to be an outrageous |
| 5 |
> overreach. There are reasons that "doxing" is generally considered to be |
| 6 |
> rather reprehensible. |
| 7 |
|
| 8 |
It obviously is reprehensible. However, nobody is suggesting |
| 9 |
publishing PII for any reason, and I have no idea where this idea even |
| 10 |
came from. |
| 11 |
|
| 12 |
For the sake of clarity, I do not believe that Gentoo should publish |
| 13 |
PII collected confidentially for any reason. |
| 14 |
|
| 15 |
Furthermore, I do not think that Gentoo should be collecting PII under |
| 16 |
conditions of confidentiality for any reason in the first place. Nor |
| 17 |
should we be doing any activities that require us to do so, such as |
| 18 |
accepting money from people, or paying people. IMO we do not have the |
| 19 |
demonstrated ability to do this in a safe and compliant manner, and we |
| 20 |
have a history of not performing legally-required activities in a |
| 21 |
compliant manner. |
| 22 |
|
| 23 |
For this reason, I think it would be a big mistake to allow people to |
| 24 |
contribute under pseudonyms under the condition that they reveal their |
| 25 |
real identities to some Gentoo body that would retain this information |
| 26 |
in confidentiality. That would expose Gentoo to a rather large number |
| 27 |
of privacy laws in a large number of places, for IMO little gain. |
| 28 |
|
| 29 |
None of this is a risk with GLEP 76 as it currently stands. People |
| 30 |
who wish to contribute code to Gentoo must divulge their names. They |
| 31 |
can choose to do this, or not, and if they choose not to, then their |
| 32 |
contributions will not be accepted. If they do, then Gentoo doesn't |
| 33 |
have any private information they have to safeguard, because it has |
| 34 |
been made public by the person it pertains to. There is no database |
| 35 |
of PII that we have to make accessible to people we already barely |
| 36 |
know scattered around the world, but protect from exposure via hacking |
| 37 |
attacks/etc. |
| 38 |
|
| 39 |
None of this is intended as some kind of attack on Trustees/Infra/etc. |
| 40 |
They're volunteers doing the best they can do without pay, and |
| 41 |
generally trying to clean up after a long period of neglect. It is |
| 42 |
simply a fact that if you have nothing to steal, then it is impossible |
| 43 |
to steal it, and no effort is required to protect it. |
| 44 |
|
| 45 |
-- |
| 46 |
Rich |
Archives