On 10/27/20 9:57 PM, Olivier Lemasle wrote:
Hi all, I'm packaging Open Policy Agent [1] (OPA) for Fedora. However, with version 0.20.0, OPA added a telemetry service, enabled by default, reporting to a OPA-managed service the OPA version, a UUID and the build architecture (cf changelog [2] and privacy information [3]) I didn't find any Fedora policy regarding this kind of opt-out telemetry, so I asked the Fedora Packaging Commitee for advice [4]. I got advised to ask Fedora community on this mailing list. So do you think it is ok to package OPA as is, or should I patch it to make telemetry opt-in by disabling it by default in the Fedora package? More globally, what do you think should be done in Fedora packages when an upstream project includes a telemetry service?
Fedora has always obeyed a "no phone home" policy, i.e. "no telemetry" or other means of espionage by default.
Besides this, any "by default active telemetry" would likely be unlawful in the EU, because it violates the GDPR[1]
Ralf [1] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
