On Sunday, 13 August 2017 11:47:28 CEST Volker Krause wrote: > Hi, > > during the KUserFeedback BoF at Akademy there was quite some interest in > collecting telemetry data in KDE applications. But before actually > implementing that we agreed to define the rules under which we would want to > do that. I've tried to put the input we collected during Akademy into > proper wording below. What do you think? Did I miss anything? > > Regards, > Volker > > > # Telemetry Policy Draft
Added to the wiki, so we have version control: https://community.kde.org/Policies/Telemetry_Policy I've integrated the requirement for transport security suggested by Thomas, Ben's comments and Bhushan's idea of a global registry of telemetry-enabled applications. Please verify this reflects what you had in mind. Still open policy questions (unless I missed something): - do we want to mandate an audit log? - regulations for licensing and publishing of the data - should we mandate revocation support, and if so for how long after submission? - should we have upper limits for data retention? Not sure yet how to balance the conflict between limited data retention and revocation support on one side and publication/free licensing on the other side. The audit log looks easy to implement and has been requested before, so I guess there wouldn't be objections to adding that as a requirement? Thanks for all the input so far! Volker
signature.asc
Description: This is a digitally signed message part.
