For a while now, we've been butting up against the Red Hat Privacy
Policy (which we've been using to cover Fedora). To try to address some
of these concerns, I sat down and made a new privacy policy for Fedora
to use that is independent of Red Hat's Privacy Policy. I made a draft,
then sent it over to Red Hat Legal for review. They made some minor
changes and sent it back to me.
Keep in mind that while this is more open than the Red Hat Privacy
Policy, I think it is more in keeping with the spirit of Fedora. (Also,
it is directly derived from Red Hat's privacy policy, so its not as if I
completely rewrote it from scratch).
Barring any major failures, I plan to present this for approval at next
week's board meeting.
Comments are welcome.
Thanks,
~spot
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-16-2008, 10:25 PM
Dennis Gilmore
New Fedora Privacy Policy
On Wednesday 16 July 2008, Tom "spot" Callaway wrote:
> For a while now, we've been butting up against the Red Hat Privacy
> Policy (which we've been using to cover Fedora). To try to address some
> of these concerns, I sat down and made a new privacy policy for Fedora
> to use that is independent of Red Hat's Privacy Policy. I made a draft,
> then sent it over to Red Hat Legal for review. They made some minor
> changes and sent it back to me.
>
> Here it is for you folks to look over:
>
> https://fedoraproject.org/wiki/TomCallaway/PrivacyPolicyDraft
>
> Keep in mind that while this is more open than the Red Hat Privacy
> Policy, I think it is more in keeping with the spirit of Fedora. (Also,
> it is directly derived from Red Hat's privacy policy, so its not as if I
> completely rewrote it from scratch).
>
> Barring any major failures, I plan to present this for approval at next
> week's board meeting.
>
> Comments are welcome.
I would do a s/Fedora/Fedora Project/g otherwise it looks ok to me.
--
Dennis Gilmore
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-17-2008, 01:52 AM
Josh Boyer
New Fedora Privacy Policy
On Wed, 2008-07-16 at 17:47 -0400, Tom "spot" Callaway wrote:
> For a while now, we've been butting up against the Red Hat Privacy
> Policy (which we've been using to cover Fedora). To try to address some
> of these concerns, I sat down and made a new privacy policy for Fedora
Could you enumerate what those concerns are/were? Not everyone is aware
of the reasons to write a new policy.
josh
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-17-2008, 02:01 AM
Jeremy Katz
New Fedora Privacy Policy
On Wed, 2008-07-16 at 21:52 -0400, Josh Boyer wrote:
> On Wed, 2008-07-16 at 17:47 -0400, Tom "spot" Callaway wrote:
> > For a while now, we've been butting up against the Red Hat Privacy
> > Policy (which we've been using to cover Fedora). To try to address some
> > of these concerns, I sat down and made a new privacy policy for Fedora
>
> Could you enumerate what those concerns are/were? Not everyone is aware
> of the reasons to write a new policy.
Paul gave some examples in his blog post earlier
(http://marilyn.frields.org:8080/~paul/wordpress/?p=1063). To save
people some trouble, and as I'm sure he won't mind, here's the relevant
snippet to save people from having to click[1]
Paul wrote:
> Here’s an example: Recently, we found that the policy was going to
> make it impossible for us to develop useful geographic data on
> contributions. We can use data like that to develop the infamous “heat
> maps” to show where lots of Fedora work is happening. Those maps have
> been absolutely instrumental in our community architecture plans, and
> how we devote resources to Fedora worldwide.
>
> Even though we’re always very careful about aggregating this data so
> it’s not tied to individuals, the old privacy policy still prevents
> this and many other, similar reasonable uses. We can develop metrics
> that are useful not just to the Board, or FESCo, but also Ambassadors,
> Marketing, and other groups. These are all our fellow contributors
> whom we already trust, and with whom we share our account system.
>
> Moreover, some of this data is intended to be public already — data
> like your Fedora Account System (FAS) account name and email; or the
> fact that you used it to commit a specfile patch; or the fact that you
> uploaded that patch from a certain IP address. So the privacy policy
> we’ve been using is completely out of whack with the reality of a
> truly open project like Fedora.
Jeremy
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-17-2008, 02:40 AM
Josh Boyer
New Fedora Privacy Policy
On Wed, 2008-07-16 at 22:01 -0400, Jeremy Katz wrote:
> On Wed, 2008-07-16 at 21:52 -0400, Josh Boyer wrote:
> > On Wed, 2008-07-16 at 17:47 -0400, Tom "spot" Callaway wrote:
> > > For a while now, we've been butting up against the Red Hat Privacy
> > > Policy (which we've been using to cover Fedora). To try to address some
> > > of these concerns, I sat down and made a new privacy policy for Fedora
> >
> > Could you enumerate what those concerns are/were? Not everyone is aware
> > of the reasons to write a new policy.
>
> Paul gave some examples in his blog post earlier
> (http://marilyn.frields.org:8080/~paul/wordpress/?p=1063). To save
> people some trouble, and as I'm sure he won't mind, here's the relevant
> snippet to save people from having to click[1]
Thanks.
> Paul wrote:
> > Here’s an example: Recently, we found that the policy was going to
> > make it impossible for us to develop useful geographic data on
> > contributions. We can use data like that to develop the infamous “heat
> > maps” to show where lots of Fedora work is happening. Those maps have
> > been absolutely instrumental in our community architecture plans, and
> > how we devote resources to Fedora worldwide.
Yes, seems sane.
> > Even though we’re always very careful about aggregating this data so
> > it’s not tied to individuals, the old privacy policy still prevents
> > this and many other, similar reasonable uses. We can develop metrics
> > that are useful not just to the Board, or FESCo, but also Ambassadors,
> > Marketing, and other groups. These are all our fellow contributors
> > whom we already trust, and with whom we share our account system.
> >
> > Moreover, some of this data is intended to be public already — data
> > like your Fedora Account System (FAS) account name and email; or the
> > fact that you used it to commit a specfile patch; or the fact that you
> > uploaded that patch from a certain IP address. So the privacy policy
> > we’ve been using is completely out of whack with the reality of a
> > truly open project like Fedora.
I agree with everything except the specific IP address thing. I really
don't get why anyone should care, nor why it intended to be public data
already. You can diagnose and divulge geographic information from it,
yes, but why does the actual IP itself need to be public?
josh
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-17-2008, 03:50 AM
Matt Domsch
New Fedora Privacy Policy
On Wed, Jul 16, 2008 at 10:40:32PM -0400, Josh Boyer wrote:
> I agree with everything except the specific IP address thing. I really
> don't get why anyone should care, nor why it intended to be public data
> already. You can diagnose and divulge geographic information from it,
> yes, but why does the actual IP itself need to be public?
because enough tools collect an IP address of the connection they're
talking to that it would be difficult to prevent that data from
becoming public. It's often in the Received headers of email messages
for example.
We're going through this with the whole mirror security thing. The
only thing we can't prevent is a mirror getting to see the IP address
of the client that is connecting to it (without the client using
something like Tor).
-Matt
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-17-2008, 07:49 AM
"Yaakov Nemoy"
New Fedora Privacy Policy
On Thu, Jul 17, 2008 at 4:40 AM, Josh Boyer <jwboyer@gmail.com> wrote:
> I agree with everything except the specific IP address thing. I really
> don't get why anyone should care, nor why it intended to be public data
> already. You can diagnose and divulge geographic information from it,
> yes, but why does the actual IP itself need to be public?
I'm not sure IP addresses need to be 100% public either, but having a
clear policy about that helps Smolt out. It's nice to have some text
I can copy and paste when people ask about every level of privacy
involved in Smolt, and the storage and display of IP addresses is the
one thing that is out of my control.
-Yaakov
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-17-2008, 01:58 PM
Bill Nottingham
New Fedora Privacy Policy
Tom spot Callaway (tcallawa@redhat.com) said:
> Here it is for you folks to look over:
>
> https://fedoraproject.org/wiki/TomCallaway/PrivacyPolicyDraft
...
If you wish for this information to be kept private, you can opt-out of
displaying this information publicly in your Fedora Account Preferences.
If you choose to opt-out, Fedora will still have access to this information,
but it will not be displayed to others, and will be considered Private.
...
Is that really practical for 1) account name 2) e-mail address? I'm
not seeing how we can get out of the account name being public, at
least.
Bill
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-17-2008, 02:19 PM
"Tom "spot" Callaway"
New Fedora Privacy Policy
On Thu, 2008-07-17 at 09:58 -0400, Bill Nottingham wrote:
> Tom spot Callaway (tcallawa@redhat.com) said:
> > Here it is for you folks to look over:
> >
> > https://fedoraproject.org/wiki/TomCallaway/PrivacyPolicyDraft
>
> ...
> If you wish for this information to be kept private, you can opt-out of
> displaying this information publicly in your Fedora Account Preferences.
> If you choose to opt-out, Fedora will still have access to this information,
> but it will not be displayed to others, and will be considered Private.
> ...
>
> Is that really practical for 1) account name 2) e-mail address? I'm
> not seeing how we can get out of the account name being public, at
> least.
That's a good point, I've pulled account name out of the list. It isn't
a personal identifier, so we don't need to list it there.
Email address refers to the email address you give us, not the
username@fedoraproject.org one.
~spot
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
07-21-2008, 09:31 PM
"Paul W. Frields"
New Fedora Privacy Policy
On Thu, 2008-07-17 at 09:49 +0200, Yaakov Nemoy wrote:
> On Thu, Jul 17, 2008 at 4:40 AM, Josh Boyer <jwboyer@gmail.com> wrote:
> > I agree with everything except the specific IP address thing. I really
> > don't get why anyone should care, nor why it intended to be public data
> > already. You can diagnose and divulge geographic information from it,
> > yes, but why does the actual IP itself need to be public?
>
> I'm not sure IP addresses need to be 100% public either, but having a
> clear policy about that helps Smolt out. It's nice to have some text
> I can copy and paste when people ask about every level of privacy
> involved in Smolt, and the storage and display of IP addresses is the
> one thing that is out of my control.
The Board was going to vote on the policy at this week's meeting but
because many folks are away or at OLS, we're going to cancel. I've
asked Board members to weigh in here with input as appropriate, and
depending on how that goes, we should be able to vote on this before
next week.
New Fedora Privacy Policy
