On Thu, Aug 25, 2011 at 5:20 AM, Rich Freeman <ri...@gentoo.org> wrote:
> On Thu, Aug 25, 2011 at 6:48 AM, Roy Bamford <neddyseag...@gentoo.org> wrote:
>> It has to be opt-in as opt out would be a dangerous precendent to set.
>> I don't see any harm is a gentle reminder message from emerge, provided
>> that the reminder can be turned off too, if the user really does not
>> want to opt in. Thats no worse than being nagged about unread news.
> I tend to agree, the more I think about it.
> The simplest solution (which doesn't require any portage mods/etc), is
> to simply make this a package that installs the appropriate logic in
> cron.daily, and we send out a news item encouraging users to install
> it voluntarily.  If the user does nothing, they don't get the package.
> If somebody can come up with really good reason that we should be more
> aggressive in promoting it, then we can promote it more aggressively.
> That /might/ go as far as a forced opt-in/out decision.  However, the
> more I think about it the more I'm concerned with pure opt-out by
> default.

Why is the thread bikeshedding an out-opt that we aren't even
considering doing right now?

> The big issue with opt-out is privacy law - especially in Europe
> (that's leaving aside just being up-front with users).  We'd end up
> having to have EULAs or such and perhaps a number of other legal
> controls, and I don't think that is a direction that we want to go in.
>  I'm just not seeing the upside - better to just figure out good ways
> to use data that is easy and safe to obtain first.
> Earlier somebody suggested that this decision wasn't really in the
> domain of the Council/Trustees.  I'm not sure I agree here - any kind
> of opt-out data collection is something that has potential legal
> ramifications as well as huge reputation concerns for the distro (the
> software is distributed from Foundation-owned hardware utilizing a
> Foundation-owned domain name and the data goes back to
> Foundation-owned hardware - I'm sure any lawyer could make a case for
> this).  Just because there isn't a policy written down somewhere
> doesn't mean that we can't use common sense.  Devs certainly don't
> need to run everything past the Council, but if you want to do
> something high-profile post it on -dev, and if there is an uproar look
> for an official second opinion before doing it.

We did post to -dev, hence this thread. The point is that we don't
need any 'official opinion' to do anything; and I don't want to set
that precedent. If you have specific concerns about actions we plan to
take (which by the way, we are not planning an opt-out solution. If we
plan to do an opt-out solution, we will again have a thread on -dev)
then let us know. If you have specific legal concerns about the
application, data retention, encryption, logs, backups, onerous
european privacy laws, and other such questions you should raise those
concerns now.

> Rich

Reply via email to