incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Wade Chandler <wadechand...@apache.org>
Subject Re: ASF hosted binaries collecting user data without an explicit opt-in
Date Wed, 07 Jun 2017 02:53:23 GMT
NetBeans has various anonymous data collections such as UI gestures and
actions logging, and optional uploading, sort of like GA, which tells us
what is or is not being used, auto update, exception reporting, driven by
users deciding to send anonymously or login to attach their name, which I
do that often. There may be others. So certainly good for us to be aware
of, and will have to bring it up.

Thanks

Wade


On Jun 6, 2017 8:34 AM, "Shane Curcuru" <asf@shanecurcuru.org> wrote:

> While there may be technical issues out there, the policy issues can
> have time for a thorough discussion before we make policy updates.
>
> Alex Harui wrote on 6/5/17 11:25 PM:
> > Is the use of Google Analytics also prohibited by #4?
>
> That sounds like a different issue, unless a project is shipping docs
> inside a release with GA code *in* the html docs that are then run when
> a user installs the docs locally.  That would not be a good idea, BTW.
>
> As Bertrand notes elsethread, GA on *.apache.org websites is fine as
> long as the PMC is sure to comply with the ASF privacy policy:
>
>   https://www.apache.org/foundation/policies/privacy.html
>
> Separately, we have one example of auto-update checking which is OK:
>
>   https://wiki.openoffice.org/wiki/Update_Service
>
> >
> > -Alex
> >
> > On 6/5/17, 8:16 PM, "shaposhnik@gmail.com on behalf of Roman Shaposhnik"
> > <shaposhnik@gmail.com on behalf of roman@shaposhnik.org> wrote:
> >
> >> On Mon, Jun 5, 2017 at 8:02 PM, Julian Hyde <jhyde@apache.org> wrote:
> >>> Thanks for the explanation, Roman. I had no idea that policies for
> >>> hosted binaries
> >>> were stricter than for source code (other than the obvious effect on
> >>> licensing when you bundle in dependencies).
> >>
> >> Btw, this one is serious enough that I'd like us to update our release
> >> policy based on the
> >> learnings here.
> >>
> >> So far it seems that there's an agreement on that having this type of
> >> capability...
> >>   1 ... in the source code disabled by default -- totally OK
> >>   2 ... in the source code enabled by default -- questionable, but OK
> >>   3 ... in the binary hosted by ASF disabled by default -- OK
> >>   4 ... in the binary hosted by ASF enabled by default -- NOT OK
> >>
> >> #4 can get nuanced if we want to invest in ASF managed infrastructure
> >> that is
> >> responsible for update tracking and user data collection. With my ASF
> hat
> >> on,
> >> I'd say that INFRA should probably stay away from user data
> >> collection/retention.
> >>
> >> That still leaves a possibility of a a ping/pong API that only
> >> consumes a name of ASF
> >> project and its version and returns a JSON object of some kind as per
> >> PMC choice.
> >>
> >>
> >> Thanks,
> >> Roman.
> >>
>
> --
>
> - Shane
>   https://www.apache.org/foundation/marks/resources
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message