On 25-08-2011 14:35, Alec Warner wrote:
> On Thu, Aug 25, 2011 at 5:20 AM, Rich Freeman <firstname.lastname@example.org>
<snip>
>> The big issue with opt-out is privacy law - especially in Europe
>> (that's leaving aside just being up-front with users). We'd end
>> up having to have EULAs or such and perhaps a number of other
>> legal controls, and I don't think that is a direction that we want
>> to go in. I'm just not seeing the upside - better to just figure
>> out good ways to use data that is easy and safe to obtain first.
>> Earlier somebody suggested that this decision wasn't really in the
>> domain of the Council/Trustees. I'm not sure I agree here - any
>> kind of opt-out data collection is something that has potential
>> legal ramifications as well as huge reputation concerns for the
>> distro (the software is distributed from Foundation-owned hardware
>> utilizing a Foundation-owned domain name and the data goes back to
>> Foundation-owned hardware - I'm sure any lawyer could make a case
>> for this). Just because there isn't a policy written down
>> somewhere doesn't mean that we can't use common sense. Devs
>> certainly don't need to run everything past the Council, but if you
>> want to do something high-profile post it on -dev, and if there is
>> an uproar look for an official second opinion before doing it.
> We did post to -dev, hence this thread. The point is that we don't
> need any 'official opinion' to do anything; and I don't want to set
> that precedent. If you have specific concerns about actions we plan
> to take (which by the way, we are not planning an opt-out solution.
> If we plan to do an opt-out solution, we will again have a thread on
> -dev) then let us know. If you have specific legal concerns about
> the application, data retention, encryption, logs, backups, onerous
> European privacy laws, and other such questions you should raise
> those concerns now.
I've picked this message as I want to address one point in this thread
that was focused on this sub-thread.

I disagree with the idea that adding an application to the Gentoo tree
that collects data from users and sends it to a central (or distributed)
system is the same as adding any other application to the tree.

Having the ability to add ebuilds to the tree is part of what you gain
by getting gentoo-x86 access. Issues with significant user privacy
concerns and substantial changes like adding packages to the tree that
collect data from users and compile it, should not be at the discretion
of individual developers but be subject to global policies that should
take into account the legal ramifications (trustees) and reflect the
developers' desire and goals (council).
Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
Gentoo-forums / Userrel / Devrel / KDE / Elections / RelEng