New Fedora Privacy Policy
Josh Boyer
jwboyer at gmail.com
Thu Jul 17 02:40:32 UTC 2008
On Wed, 2008-07-16 at 22:01 -0400, Jeremy Katz wrote:
> On Wed, 2008-07-16 at 21:52 -0400, Josh Boyer wrote:
> > On Wed, 2008-07-16 at 17:47 -0400, Tom "spot" Callaway wrote:
> > > For a while now, we've been butting up against the Red Hat Privacy
> > > Policy (which we've been using to cover Fedora). To try to address some
> > > of these concerns, I sat down and made a new privacy policy for Fedora
> >
> > Could you enumerate what those concerns are/were? Not everyone is aware
> > of the reasons to write a new policy.
>
> Paul gave some examples in his blog post earlier
> (http://marilyn.frields.org:8080/~paul/wordpress/?p=1063). To save
> people some trouble, and as I'm sure he won't mind, here's the relevant
> snippet to save people from having to click[1]
Thanks.
> Paul wrote:
> > Here’s an example: Recently, we found that the policy was going to
> > make it impossible for us to develop useful geographic data on
> > contributions. We can use data like that to develop the infamous “heat
> > maps” to show where lots of Fedora work is happening. Those maps have
> > been absolutely instrumental in our community architecture plans, and
> > how we devote resources to Fedora worldwide.
Yes, seems sane.
> > Even though we’re always very careful about aggregating this data so
> > it’s not tied to individuals, the old privacy policy still prevents
> > this and many other, similar reasonable uses. We can develop metrics
> > that are useful not just to the Board, or FESCo, but also Ambassadors,
> > Marketing, and other groups. These are all our fellow contributors
> > whom we already trust, and with whom we share our account system.
> >
> > Moreover, some of this data is intended to be public already — data
> > like your Fedora Account System (FAS) account name and email; or the
> > fact that you used it to commit a specfile patch; or the fact that you
> > uploaded that patch from a certain IP address. So the privacy policy
> > we’ve been using is completely out of whack with the reality of a
> > truly open project like Fedora.
I agree with everything except the specific IP address thing. I really
don't get why anyone should care, nor why it intended to be public data
already. You can diagnose and divulge geographic information from it,
yes, but why does the actual IP itself need to be public?
josh
More information about the fedora-advisory-board
mailing list