Re: call for participation - Debian contributors survey, 1st ed.
unsubscribe On 07.11.2016 09:07, Stefano Zacchiroli wrote: > TL;DR: all Debian contributors --- from bug reporters to Debian project > members and participants in any Debian team --- are invited to take part > in the first edition of the Debian contributors survey. To participate > visit: > > http://debian.limequery.org/696747 > > The deadline for participation is: 4 December 2016, at 23:59 UTC. > > > > This is the first instance of what we hope will become a recurring > annual survey of Debian contributors. The survey is intended to help the > Debian project and community by enabling them to understand and document > the evolution of the project's population over time, through the lenses > of common demographics. > > In addition, each year the survey will explore a specific aspect of the > project. The focus for this first edition is on work and labour issues, > specifically on the extent to which Debian contributors are volunteers > or paid to work on Debian, and on how that affects their contributions. > > Participation in the survey is completely anonymous, with no logging of > any provenance information (e.g., IP address, HTTP referrer), and all > questions are optional. The survey is conducted using the Free Software > platform LimeSurvey and hosted by LimeSurvey.org. The results of the > survey will be analyzed as part of ongoing research work by the > organizers and released in aggregate form only. A report discussing the > results will be published under a DFSG-free license and distributed to > the Debian community as soon as it's ready. The raw, disaggregated > answers will not be distributed and will be processed under the > responsibility of the organizers. > > The survey will remain open until: 4 December 2016, 23:59 UTC. > > If you have any questions, you can always reach the survey organizers > at: > > - Mathieu ONeil (mathieu.on...@canberra.edu.au) > - Molly de Blanc (debl...@riseup.net) > - Stefano Zacchiroli (z...@debian.org) > > We thank you in advance for your participation! > > For the organizers, >
Re: call for participation - Debian contributors survey, 1st ed.
On Mon, 07 Nov 2016, Stefano Zacchiroli wrote: > On Mon, Nov 07, 2016 at 11:22:42PM +0100, Joerg Jaspert wrote: > > No logging or name is needed, with the set of questions in this survey > > one only needs a bit of knowledge of Debian and its people to identify a > > high amount of the survey takers, I think. (I still took it) > > This is becoming an FAQ, so let me address it here instead of just > waiting for the blog post including its answer to be written. > > Yep, you're absolutely right. And this is in fact why we included in the > survey announcement a promise to distribute the results only in > aggregate form, because cross-referencing with Debian info it would be > easy to deanonymize people. > > So the "thread model" here is not "untrusted/byzantine survey > organizers" (if you don't trust the organizers you're probably screwed > anyhow, as we could be lying about not logging IP address or HTTP > referrers, after all). The "threat model" is rather: "untrusted readers > of published survey *results*", which we will aggregate to avoid > deanonymization. The threat model is leakage of the non-aggregated survey data, actually. Which is not only dependent on the survey platform and its handling of the survey data, but also on the security of said data *after* it leaves the survey platform. -- Henrique Holschuh
Re: call for participation - Debian contributors survey, 1st ed.
On Mon, Nov 07, 2016 at 11:22:42PM +0100, Joerg Jaspert wrote: > No logging or name is needed, with the set of questions in this survey > one only needs a bit of knowledge of Debian and its people to identify a > high amount of the survey takers, I think. (I still took it) This is becoming an FAQ, so let me address it here instead of just waiting for the blog post including its answer to be written. Yep, you're absolutely right. And this is in fact why we included in the survey announcement a promise to distribute the results only in aggregate form, because cross-referencing with Debian info it would be easy to deanonymize people. So the "thread model" here is not "untrusted/byzantine survey organizers" (if you don't trust the organizers you're probably screwed anyhow, as we could be lying about not logging IP address or HTTP referrers, after all). The "threat model" is rather: "untrusted readers of published survey *results*", which we will aggregate to avoid deanonymization. And of course all questions are optional, so if people fill itchy about specific ones, just leave them out. I'm available for further clarifications if needed, Cheers. -- Stefano Zacchiroli . z...@upsilon.cc . upsilon.cc/zack . . o . . . o . o Computer Science Professor . CTO Software Heritage . . . . . o . . . o o Former Debian Project Leader . OSI Board Director . . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
Re: call for participation - Debian contributors survey, 1st ed.
On 14484 March 1977, Stefano Zacchiroli wrote: > Participation in the survey is completely anonymous, with no logging of > any provenance information (e.g., IP address, HTTP referrer), and all > questions are optional. No logging or name is needed, with the set of questions in this survey one only needs a bit of knowledge of Debian and its people to identify a high amount of the survey takers, I think. (I still took it) -- bye, Joerg
