Re: [translate-pootle] Privacy issues in Pootle: Profile page
Samuel Murray (Groenkloof) wrote: Currently, the registration page and the profile page (options.html) contain fields for the Name, Email, Password and Confirm password. I propose that two extra fields be added to it: * Display Name (used for attribution purposes): [] * Address where other users may contact me: [] When a user registers, the above two fields are filled in automatically (using JavaScript, I think) after the user has typed in his name and e-mail address (although users can change/delete them). I asked a question about this on comp.lang.javascript, and a kind user there wrote me the necessary script. I made come changes, and here it is (hopefully the attachment works). I don't know how to add this to Pootle's source code, though. Samuel -- Samuel Murray [EMAIL PROTECTED] Decathlon, for volunteer opensource translations http://translate.sourceforge.net/wiki/decathlon/ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Mozootle testing: sqlalchemy, ldap and friends
On Sun, 2008-09-14 at 23:11 +0200, Israel Saeta Pérez wrote: Sorry Dwayne, you were completely right, SQLAlchemy 4.x doesn't support arbitrary select statements in the Query objects but only full rows, as stated in the 05Migration document referenced earlier. But I guess we could translate the Query statement to a SQLAlchemy sql expression following http://www.sqlalchemy.org/docs/04/sqlexpression.html#sql_everythingelse_scalar Anyways, since SQLAlchemy is 0.5rc1 now and it can be easily (IMHO) installed using easy_install, I think that banging our heads with this problem isn't worth it. What do you think? I agree. If we really do need to investigate this then we can. And frankly putting hardcoded SQL statements extracted from the 0.5 query objects would be my work around :) -- Dwayne Bailey Associate +27 12 460 1095 (w) Translate.org.za +27 83 443 7114 (c) Recent blog posts: * The birth of the GNU generation http://www.translate.org.za/blogs/dwayne/en/content/birth-gnu-generation * Firefox users experience discrimination * RPM packages for py lib 0.9.2 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
Hi Samuel, On Tue, 2008-09-16 at 09:11 +0200, Samuel Murray (Groenkloof) wrote: G'day everyone At the moment, new users are not told how their details will be used and how much of it will be made public. This is actually kinda crucial. Users are not told, for example, that their e-mail addresses will be visible to the public, to anyone who downloads the PO file, or to anyone who encounters the PO file at any stage. It is important that they be told of this. All of this can be written in a privacy policy page that is linked to from every page on Pootle (at the bottom somewhere). The problem is that different Pootle servers have different policies, so I think one should write a policy that is half explanatory so that it can apply to all servers. A better (but more complicated) solution may be that the privacy policy page is generated automatically from options selected in the pootle.prefs file. But let's keep it simple for now. So here's my attempt: == GENERIC PRIVACY POLICY OF POOTLE SERVERS The way a Pootle server deals with privacy, depends on the licence of the translated files and the specific policies of the computer on which the Pootle server is hosted. Pootle was originally designed not for private participation but with public collaboration in mind, and the way it deals with a user's information, reflects that. Typically, a user's name and e-mail address is automatically added to his translation. The owner of this Pootle server has no control over the way the translations (and therefore also the user's name and e-mail address) will eventually be made public. Various pieces of information about a user can be accessed by the public, by other users, by users with administrative privileges, by users of the server with read access rights, and by users of the server with root privileges. Some information that cannot be accessed directly, can be deduced from other information. The only information about a user that is truly private, is his password. All other information submitted by the user, including record of his activities, may be available to a number of people, including members of the public. A user's activities are written to a log that typically cannot be accessed via the web interface and only be accessed by users of the server with read access rights. Whether users of the server may make such logs public depends on the policies of the server itself. For privacy purposes, therefore, users should assume that everything on their profile pages (except the password) can eventually be viewed by any member of the public, and that a log of all of their activities on Pootle can either be viewed or deduced by any member of the public. == So, what do you think? Looks OK, although a bit scary. I prefer legalise that says the same but makes it sound wonderful ;) I'm less concerned about the content then about how we display this. I think we have a generic mechanism for example to display error messages. A simple HTML snippet that can be embedded into that error message would do the trick. Anyone interested in taking a look at this? If not I'll probably give it a go. -- Dwayne Bailey Associate +27 12 460 1095 (w) Translate.org.za +27 83 443 7114 (c) Recent blog posts: * The birth of the GNU generation http://www.translate.org.za/blogs/dwayne/en/content/birth-gnu-generation * Firefox users experience discrimination * RPM packages for py lib 0.9.2 - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
On Di, 2008-09-16 at 09:11 +0200, Samuel Murray (Groenkloof) wrote: G'day everyone At the moment, new users are not told how their details will be used and how much of it will be made public. This is actually kinda crucial. Users are not told, for example, that their e-mail addresses will be visible to the public, to anyone who downloads the PO file, or to anyone who encounters the PO file at any stage. It is important that they be told of this. All of this can be written in a privacy policy page that is linked to from every page on Pootle (at the bottom somewhere). The problem is that different Pootle servers have different policies, so I think one should write a policy that is half explanatory so that it can apply to all servers. A better (but more complicated) solution may be that the privacy policy page is generated automatically from options selected in the pootle.prefs file. But let's keep it simple for now. So here's my attempt: == GENERIC PRIVACY POLICY OF POOTLE SERVERS The way a Pootle server deals with privacy, depends on the licence of the translated files and the specific policies of the computer on which the Pootle server is hosted. Pootle was originally designed not for private participation but with public collaboration in mind, and the way it deals with a user's information, reflects that. Typically, a user's name and e-mail address is automatically added to his translation. The owner of this Pootle server has no control over the way the translations (and therefore also the user's name and e-mail address) will eventually be made public. Various pieces of information about a user can be accessed by the public, by other users, by users with administrative privileges, by users of the server with read access rights, and by users of the server with root privileges. Some information that cannot be accessed directly, can be deduced from other information. The only information about a user that is truly private, is his password. All other information submitted by the user, including record of his activities, may be available to a number of people, including members of the public. A user's activities are written to a log that typically cannot be accessed via the web interface and only be accessed by users of the server with read access rights. Whether users of the server may make such logs public depends on the policies of the server itself. For privacy purposes, therefore, users should assume that everything on their profile pages (except the password) can eventually be viewed by any member of the public, and that a log of all of their activities on Pootle can either be viewed or deduced by any member of the public. == So, what do you think? I think each deployment should write its own policy, and we shouldn't pretend to be able to say anything about servers in general, because we can't. We could encourage administrators to include a privacy notice, in the same way we encourage them to put in contact details to the administrators. As Dwayne suggested, let's make it focus on the positives. Many people want credit for their work, and they want team communication to work. Therefore the default setup is to put the translator's name and contact details in the PO files when they are updated. If the translators are lucky, server admins will publicly praise translators that did a lot of work. This mostly says the same thing, but gives a more positive starting point and explains better why the software does what it does. An idea Friedel -- Recently on my blog: http://translate.org.za/blogs/friedel/en/content/vrot-mango - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Privacy policy
F Wolff wrote: I think each deployment should write its own policy, and we shouldn't pretend to be able to say anything about servers in general, because we can't. We could encourage administrators to include a privacy notice, in the same way we encourage them to put in contact details to the administrators. We can expect Pootle administrators to be experts in server administration and similar technical issues, but we can't expect them to know the issues surrounding privacy issues, copyright issues etc. Therefore I think Pootle should be distributed in such a way that Pootle admins can focus on what they do best, and safely assume that the rest has been taken care of. Few if any Pootle admins will think of writing a privacy policy, and by the time they realise they need one, it'll be mostly too late to implement one. If we can provide a generic privacy, it protects our customers. As Dwayne suggested, let's make it focus on the positives. My proposed privacy policy statement does not contain any negatives. Negative and positive are in the eye of the beholder, I think. The privacy policy is not a marketing document to make the system seem friendly, but a dry, factual statement about how private data is dealt with on the site. Nor do I think one should, as Dwayne suggested, identify aspects that we regard as unpleasant, and bury those in legalese... although I'm all for a more legal sounding privacy policy, and I'm not against rewording. Many people want credit for their work, and they want team communication to work. You're assuming a scenario in which Pootle is specifically touted to translators as a team system and where there are so many translators that they can't help but be aware of each other's presence. Samuel -- Samuel Murray [EMAIL PROTECTED] Decathlon, for volunteer opensource translations http://translate.sourceforge.net/wiki/decathlon/ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle
Re: [translate-pootle] Privacy issues in Pootle: Profile page
Dwayne Bailey wrote: I think we're making this way too complicated for an issue that I think can be got around by the user themselves. If they want to work in secret, register on Pootle as a secret user. If we're going to make assumptions about what users want, we should make those assumptions based on similar situations that a user might find himself in. I can't think of any system where registration is required, in which the registration details (especially the mail address) is shared willy-nilly with everyone else (except perhaps mailing lists). The usual expectation of a user would therefore be that his details are safe. I don't mind if Pootle works differently, but the user must know. And leaving it up to the user is actually what this suggestion will do -- it would be entirely up to the user to decide how and if he wants to be identified. The Pootle server needn't determine what kind of user the user is. All users have the same options. I'm in favour of munging email addresses for people who fear spam. And I think we can simply do that automatically without making many confusing options. Munging only fools automated bots... it doesn't stop spam. I should know, because I have harvested e-mail addresses from PO files myself and I know how easy it is to build a highly targeted spam address list, munging or no munging. My original idea was quite complex, but my latest comment has much simplified it. Pootle doesn't have to do anything with the information yet, as long as it stores it. The idea is that the private and public display names are written to a text file (along with the user's name and/or username), where a server admin or project manager can access it. Samuel -- Samuel Murray [EMAIL PROTECTED] Decathlon, for volunteer opensource translations http://translate.sourceforge.net/wiki/decathlon/ - This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100url=/ ___ Translate-pootle mailing list Translate-pootle@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/translate-pootle