Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Fedora Development (http://www.linux-archive.org/fedora-development/)
-   -   packaging an application that phones home (http://www.linux-archive.org/fedora-development/315616-packaging-application-phones-home.html)

Eric Smith 01-27-2010 01:46 AM

packaging an application that phones home
 
I'm working on an RPM package for MeshLab, a GPL'd program for
processing unstructured 3D triangular meshes:

http://meshlab.sourceforge.net/

My interest is that it is useful with 3D printers, e.g. RepRap,
MakerBot, or even commercial printers.

The Licenses page of the MeshLab wiki gives a privacy disclaimer stating
that it phones home periodically to check for availability of updated
versions, and that it uploads some aggregated statistical data about the
average number and size of the opened/saved meshes. Nothing personally
identifiable, though they obviously could capture the source IP address:

http://meshlab.sourceforge.net/wiki/index.php/Licenses

Their answer is for people that don't want that to use a firewall. I
don't think that it's acceptable for software to phone home without the
user's explicit consent, and that the user shouldn't have to take
positive action such as installing or configuring a firewall to prevent
that connection.

Is there a Fedora policy about this kind of thing? It seems analogous
to Anaconda uploading system information, which is only done with user
consent.

Would there be a problem with Fedora accepting a package if I patch it
to disable network connections unless the user sets an environment
variable to allow them? I would document that in a README.fedora doc
file that I'd put in the package.

Thanks!
Eric

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Eric Smith 01-27-2010 02:07 AM

packaging an application that phones home
 
> [my question about MeshLab phoning home]

It turns out that the Debian folks had this same issue, and the
developer added a compile-time option __DISABLE_AUTO_STATS__ for that
reason. I'll define that in my spec file, so I expect that there should
be no issue.

Given that they want the stats for funding purposes, I think it would be
better if they asked the user the first time the program was run, but
I'll leave it up to them to do that if they want it.

Eric

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel

Bruno Wolff III 01-27-2010 02:30 AM

packaging an application that phones home
 
On Tue, Jan 26, 2010 at 18:46:32 -0800,
Eric Smith <eric@brouhaha.com> wrote:
>
> The Licenses page of the MeshLab wiki gives a privacy disclaimer stating
> that it phones home periodically to check for availability of updated
> versions, and that it uploads some aggregated statistical data about the

Updates should come through Fedora so there shouldn't be a need to check
their site for updates.

> average number and size of the opened/saved meshes. Nothing personally
> identifiable, though they obviously could capture the source IP address:

This should be opt in or dropped.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel


All times are GMT. The time now is 01:02 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.