-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 25-08-2011 14:35, Alec Warner wrote: > On Thu, Aug 25, 2011 at 5:20 AM, Rich Freeman <ri...@gentoo.org> > wrote: <snip> >> The big issue with opt-out is privacy law - especially in Europe >> (that's leaving aside just being up-front with users). We'd end >> up having to have EULAs or such and perhaps a number of other >> legal controls, and I don't think that is a direction that we want >> to go in. I'm just not seeing the upside - better to just figure >> out good ways to use data that is easy and safe to obtain first. >> >> Earlier somebody suggested that this decision wasn't really in the >> domain of the Council/Trustees. I'm not sure I agree here - any >> kind of opt-out data collection is something that has potential >> legal ramifications as well as huge reputation concerns for the >> distro (the software is distributed from Foundation-owned hardware >> utilizing a Foundation-owned domain name and the data goes back to >> Foundation-owned hardware - I'm sure any lawyer could make a case >> for this). Just because there isn't a policy written down >> somewhere doesn't mean that we can't use common sense. Devs >> certainly don't need to run everything past the Council, but if you >> want to do something high-profile post it on -dev, and if there is >> an uproar look for an official second opinion before doing it. > > We did post to -dev, hence this thread. The point is that we don't > need any 'official opinion' to do anything; and I don't want to set > that precedent. If you have specific concerns about actions we plan > to take (which by the way, we are not planning an opt-out solution. > If we plan to do an opt-out solution, we will again have a thread on > -dev) then let us know. If you have specific legal concerns about > the application, data retention, encryption, logs, backups, onerous > european privacy laws, and other such questions you should raise > those concerns now.
I've picked this message as I want to address one point in this thread that was focused on this sub-thread. I disagree with the idea that adding an application to the Gentoo tree that collects data from users and sends it to a central (or distributed) system is the same as adding any other application to the tree. Having the ability to add ebuilds to the tree is part of what you gain by getting gentoo-x86 access. Issues with significant users privacy concerns and substantial changes like adding packages to the tree that collect data from users and compile it, should not be at the discretion of individual developers but be subject of global policies that should take into account the legal ramifications (trustees) and reflect the developers desire and goals (council). - -- Regards, Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJOVxCXAAoJEC8ZTXQF1qEP7KAQAJBwDHp4aS+5l8gahHUrsWYI 0gUpO+qtsFODsKToQa4ZZ9jTZhFvN0iscyApXvgO8FBOnPzFCMiq+LblI/j/cnFK OwVYJ4/tvcc1C1fE1lQecd1kNVlnVLCEvR8NbeKA184ty4kS7cJy2FqAiWbzGGno /zNsQI+iDUg6ZCamCz29EZ5FJgfUzXzG+Ipbh61T0c/Ukugq5xHA8c5zTzoRre2u /fSRMM9qPakmgaHJoV8t+8B0ejJccW/+MquKIyFdDnUDvQH5U/RnXl3D5oe7+0vb Eak3VB5iUrkZifqhpOQMEeAtuNColigPy4oPr6BsQz7t0uiC2M0MHei4cigbN8kn yp4U+RZE4PhJ/+b/U/jnaiidGu8IF+Kdl3DPgCR130N4vbpO8u7KjyphdoL7QZx5 hnc3A5ZxQxraQolKtFnl8Be8P5NvuKdiP192wYmACuCw3W95XVNDtUhc63n++fqo 0K9WTEudO+JZN7JYZFSU6OJo5hvujHcQvvIO2sG30Q56x7EfvCRFCzMUsRC8mU0L uSKW+YFHVp1+yCJ9BbnTWp9afPUVQ56/1YtCxLDsqEi0lI7otm0TpuJFIC/fDJ1F Hf9Kqaap9kZzc1WBKuMY0Rvvf8CKf/9bd9QTxT5Fz/tpiNGkU9MTMFPHghDFUP8h 773YR/NFapQVLHyqemla =G4Y6 -----END PGP SIGNATURE-----
