Hi! Like suggested by Lucas himself, I bring up this issue on the debian project list. The context is that Lucas did put up a new "service" and data collector in UDD that contains the PTS subscription. He announced it in his blog: <http://www.lucas-nussbaum.net/blog/?p=453>
To some degree I see this on a similar base as the issue with the debian.net zone exposure that got removed fortunately again. People do subscribe to the PTS under the impression that their subscription data is kept private. With this interface (and the data in the UDD) this is no longer the case. If one wants to know what things someone else is interested in they just have to use the interface or hash the email address and query the UDD data. This is IMNSHO a serious violation and breach of privacy. It doesn't make it better that Lucas stated that "an earlier version exposed more information", rather the contrary. Such changes to data that are known and expected to be private have to get discussed *before* making them public instead of afterwards claiming one can feel free to "raise the topic on a mailing list". This is the wrong approach to sensitive informations and definitely not what I would want Debian to be known for, and I am quite confident that I'm not the only with that opinion. Thanks, Rhonda -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
