1 |
On Mon, Jul 1, 2019 at 1:02 AM desultory <desultory@g.o> wrote: |
2 |
> |
3 |
> publishing PII purely on the basis of disciplinary |
4 |
> considerations could be quite reasonably considered to be an outrageous |
5 |
> overreach. There are reasons that "doxing" is generally considered to be |
6 |
> rather reprehensible. |
7 |
|
8 |
It obviously is reprehensible. However, nobody is suggesting |
9 |
publishing PII for any reason, and I have no idea where this idea even |
10 |
came from. |
11 |
|
12 |
For the sake of clarity, I do not believe that Gentoo should publish |
13 |
PII collected confidentially for any reason. |
14 |
|
15 |
Furthermore, I do not think that Gentoo should be collecting PII under |
16 |
conditions of confidentiality for any reason in the first place. Nor |
17 |
should we be doing any activities that require us to do so, such as |
18 |
accepting money from people, or paying people. IMO we do not have the |
19 |
demonstrated ability to do this in a safe and compliant manner, and we |
20 |
have a history of not performing legally-required activities in a |
21 |
compliant manner. |
22 |
|
23 |
For this reason, I think it would be a big mistake to allow people to |
24 |
contribute under pseudonyms under the condition that they reveal their |
25 |
real identities to some Gentoo body that would retain this information |
26 |
in confidentiality. That would expose Gentoo to a rather large number |
27 |
of privacy laws in a large number of places, for IMO little gain. |
28 |
|
29 |
None of this is a risk with GLEP 76 as it currently stands. People |
30 |
who wish to contribute code to Gentoo must divulge their names. They |
31 |
can choose to do this, or not, and if they choose not to, then their |
32 |
contributions will not be accepted. If they do, then Gentoo doesn't |
33 |
have any private information they have to safeguard, because it has |
34 |
been made public by the person it pertains to. There is no database |
35 |
of PII that we have to make accessible to people we already barely |
36 |
know scattered around the world, but protect from exposure via hacking |
37 |
attacks/etc. |
38 |
|
39 |
None of this is intended as some kind of attack on Trustees/Infra/etc. |
40 |
They're volunteers doing the best they can do without pay, and |
41 |
generally trying to clean up after a long period of neglect. It is |
42 |
simply a fact that if you have nothing to steal, then it is impossible |
43 |
to steal it, and no effort is required to protect it. |
44 |
|
45 |
-- |
46 |
Rich |