Return-Path: X-Original-To: apmail-legal-discuss-archive@www.apache.org Delivered-To: apmail-legal-discuss-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 0133F108CC for ; Wed, 12 Jun 2013 17:04:09 +0000 (UTC) Received: (qmail 81828 invoked by uid 500); 12 Jun 2013 17:04:07 -0000 Delivered-To: apmail-legal-discuss-archive@apache.org Received: (qmail 81488 invoked by uid 500); 12 Jun 2013 17:04:07 -0000 Mailing-List: contact legal-discuss-help@apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: Reply-To: legal-discuss@apache.org List-Id: Delivered-To: mailing list legal-discuss@apache.org Received: (qmail 81467 invoked by uid 99); 12 Jun 2013 17:04:06 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 17:04:06 +0000 X-ASF-Spam-Status: No, hits=0.3 required=5.0 tests=FREEMAIL_REPLY,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of alexei.fedotov@gmail.com designates 209.85.214.181 as permitted sender) Received: from [209.85.214.181] (HELO mail-ob0-f181.google.com) (209.85.214.181) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 12 Jun 2013 17:04:02 +0000 Received: by mail-ob0-f181.google.com with SMTP id 16so13641330obc.12 for ; Wed, 12 Jun 2013 10:03:41 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type:content-transfer-encoding; bh=wR8Ep5DroaEdziLEP/BcQZNgUra69SodLqXRhyw9HnU=; b=HHeBs5oSgGJuXlcENOVEnZHWaMexlJV1upjTxrY0rGdzcMHygzLn0hXCnTwX2/+5n9 aZmHAYP+YppBHMHwf46Nqogzh2t9pnOOUxJGJro6LC7zHpbvflIqiVRN3hGIGasS699s sYkdaFiGALSmg4pStxL6kOWDhhvrn/DQAhOJoNCcn1E0zy4s/dRdjKjlKTulVJ52KfwZ I+A1o1JSG9iPPEBhxI5qnGf+CK454ysRxOaLlgSrccDahzSpfCXerO+TVZHvmsUz1yUi rJWBF0GVnnmEQkYpUpXlrbeP8OmZ1Y6IGrEMkbHrBlA4WhVtn2J7XIcl/tRzHj3j+mBM Zxkw== X-Received: by 10.182.89.193 with SMTP id bq1mr15752084obb.41.1371056621202; Wed, 12 Jun 2013 10:03:41 -0700 (PDT) MIME-Version: 1.0 Received: by 10.182.85.166 with HTTP; Wed, 12 Jun 2013 10:03:00 -0700 (PDT) In-Reply-To: References:

From: Alexei Fedotov Date: Wed, 12 Jun 2013 21:03:00 +0400 Message-ID: Subject: Re: Error collecting infrastructure for Openmeetings To: dev Cc: legal-discuss , ASF Infrastructure , Shane Curcuru , general@incubator.apache.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org Sebastian, I believe as for now, the decision is *not to include* the code into release. I opposed this initially, yet it seems I have to step down here. There were no strong support for this from anyone other then me. -- With best regards / =D1=81 =D0=BD=D0=B0=D0=B8=D0=BB=D1=83=D1=87=D1=88=D0=B8= =D0=BC=D0=B8 =D0=BF=D0=BE=D0=B6=D0=B5=D0=BB=D0=B0=D0=BD=D0=B8=D1=8F=D0=BC= =D0=B8, Alexei Fedotov / =D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9 =D0=A4=D0=B5=D0= =B4=D0=BE=D1=82=D0=BE=D0=B2, http://dataved.ru/ +7 916 562 8095 On Wed, Jun 12, 2013 at 3:16 AM, seba.wagner@gmail.com wrote: > *AFAIK, > many Apache projects do use Google Analytics already.* > =3D> The next question will be: Which projects do you Google Analytics? > > I doubt that any Apache product includes a UA code in its release package= s. > > Sebastian > > > 2013/6/10 Alexei Fedotov > >> [added general@ for vivid discussion] >> >> Hello Sebastian, >> >> I'm glad that the statement that this infrastructure is needed is not >> questioned. >> >> We technically can use either CGI script, or existing Confluence API. >> The intention for using Google Analytics is minimum effort. AFAIK, >> many Apache projects do use Google Analytics already. >> >> The goal for the request is to avoid inventing a project-wide policy >> where foundation-wide policy is needed. >> >> With best regards, Alexei >> >> -- >> With best regards / =D1=81 =D0=BD=D0=B0=D0=B8=D0=BB=D1=83=D1=87=D1=88=D0= =B8=D0=BC=D0=B8 =D0=BF=D0=BE=D0=B6=D0=B5=D0=BB=D0=B0=D0=BD=D0=B8=D1=8F=D0= =BC=D0=B8, >> Alexei Fedotov / =D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9 =D0=A4=D0=B5= =D0=B4=D0=BE=D1=82=D0=BE=D0=B2, >> http://dataved.ru/ >> +7 916 562 8095 >> >> >> On Mon, Jun 10, 2013 at 7:03 AM, seba.wagner@gmail.com >> wrote: >> > Hi Alexei, >> > >> > what about a simple CGI script that takes the input and send an email = to >> the >> > mailing list? >> > I think some more simple approach would do the same and does not have >> such a >> > deep impact on the whole infrastructure. Some legal and privacy aspect= s >> are >> > still tbc. >> > >> > However no matter what we do it is unlikely that including the actual = UA >> > code or any kind of real pwd / hash in a release is a good idea. It is >> quite >> > easy to manipulate that. >> > >> > Also the question rises if the OpenMeetings server is in a public >> network at >> > all. Just sending request blindly without knowing if they ever reach >> their >> > destination is kind of odd. >> > >> > It should be some subscribe mechanism where an OpenMeetings admin can >> > activate the error collecting. The activation could then subscribe and >> load >> > a hash that will auth that server for error collecting. >> > >> > If you put that activation in the installer with appropriate >> explenations I >> > think it has better chances to find a wider positive reaction in devs = and >> > users. >> > >> > Maybe it would be enough to give some kind of more general feedback fr= om >> > @legal and @infra and we can then in the OpenMeetings PMC create a mor= e >> > detailed spec of that component. >> > >> > @legal: Do you have general constraints regarding error collecting ? >> > >> > @infra: What kind of advices can you give us? I guess some CGI scripts >> are >> > not that big deal. Is there any process who would review and activate = / >> make >> > them executable? >> > >> > Thanks, >> > Sebastian >> > >> > Am 06.06.2013 19:38 schrieb "Alexei Fedotov" : >> > >> >> [added Shane for reputation issues] >> >> >> >> Hello, Infra and Legal folks, >> >> >> >> We ask you for advice on the automated error collection >> >> infrastructure. Any helpful ideas are appreciated. >> >> >> >> 1. Our users are tainted with iphones and other reliable and fancy >> >> staff. They start wanting openmeetings to work reliably. This makes u= s >> >> think of a global error collecting infrastructure to plan important >> >> bug fixes. Here is an example by Firefox [1]. >> >> >> >> We believe collecting user errors is generally ok if proper >> >> preparations are made. Is it generally possible to implement error >> >> collecting infrastructure as a part of Apache project? If not, we can >> >> try to do it as a commercial company, yet Firefox example shows a >> >> non-commercial org can be behind that error collection. >> >> >> >> 2. Could we use Google Analytics to store collected errors? The >> >> general Apache practice is to use Apache infrastructure. Google >> >> Analytics allows us storing 50 mln. events for free. The comparable >> >> thing won't be free for Apache for sure. >> >> >> >> Once can use JIRA, or Confluence via API, this will be a heavy load. >> >> Are you ok with using third party for storing error & environment >> >> messages and associated risks? >> >> >> >> The code we are talking about is below: >> >> try { >> >> _gaq =3D _gaq || []; >> >> _gaq.push(['_setAccount', 'UA-13024987-1']); // PMC id >> >> _gaq.push(['_trackPageview']); >> >> _gaq.push(['_trackEvent', 'Openmeetings client error', >> >> message, '', 0, true]); >> >> } catch (exception) { >> >> alert(exception); >> >> } >> >> >> >> 3. Is it ok for PMC to share Google Analytics id? Should we use some >> >> Apache Id instead? >> >> >> >> 4. Which preparations should be done to start this error collection >> >> service in the next release? >> >> >> >> 4.1. Is it ok just to semi-silently mention in release notes, that >> >> errors are automatically sent to the (Google) server right now? >> >> 4.2. Or should we explicitly notify each new user that the errors are >> >> now to be collected? >> >> 4.3. If 4.2. holds, can we ask once per user at the beginning of his >> >> session and remember if he agreed sharing error reports? Or should we >> >> allow a user to review each error report each time the error is sent >> >> (I expect 5-10 errors per standard openmeetings session)? Can we have >> >> a checkbox "Remember my choice" or a button "Send error reports >> >> always" for those, who are tied of error messages? >> >> >> >> [1] >> >> >> https://crash-stats.mozilla.com/report/index/050f1aab-1507-4c8f-a166-9b3= 322130422 >> >> >> >> -- >> >> With best regards / =D1=81 =D0=BD=D0=B0=D0=B8=D0=BB=D1=83=D1=87=D1=88= =D0=B8=D0=BC=D0=B8 =D0=BF=D0=BE=D0=B6=D0=B5=D0=BB=D0=B0=D0=BD=D0=B8=D1=8F= =D0=BC=D0=B8, >> >> Alexei Fedotov / =D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9 =D0=A4=D0= =B5=D0=B4=D0=BE=D1=82=D0=BE=D0=B2, >> >> http://dataved.ru/ >> >> +7 916 562 8095 >> > > > > -- > Sebastian Wagner > https://twitter.com/#!/dead_lock > http://www.webbase-design.de > http://www.wagner-sebastian.com > seba.wagner@gmail.com --------------------------------------------------------------------- To unsubscribe, e-mail: legal-discuss-unsubscribe@apache.org For additional commands, e-mail: legal-discuss-help@apache.org