On Wed, Jul 17, 2024 at 02:13:12PM -0500, Michel Lind wrote: > On Wed, Jul 17, 2024 at 02:45:31PM -0400, Matthew Miller wrote: > > On Sun, Jul 14, 2024 at 04:14:03AM +0200, Kevin Kofler via devel wrote: > > > That said, it is not sufficient to reject adding Fedora downstream spyware. > > > Fedora also needs a policy that upstream "telemetry" spyware is not allowed > > > and needs to be disabled at compile time or patched out. We have several > > > packaged applications wanting to "phone home" for this kind of "anonymized > > > usage statistics". This should not be allowed in a privacy-concious > > > distribution. > > > > I'm not convinced that that's the exact policy we want, but I do agree that > > we should have a stated policy. There was some work on a "privacy policy for > > the OS" a while ago, but that basically ran aground in the choppy waters of > > legal statements -- and I think a similar attempt would run into the same > > problems. But, we could have a policy that _isn't_ a legal statement; > > basically a packaging guideline. > > > I'd be happy to help with that - should Council look at this first or > should this go straight to either FESCo or FPC? Hi, a long time ago I wanted to propose a more formal policy for privacy behaviours and I wrote this draft [1]. My idea was that we'd first create and approve such a policy, and then add the conformance to this policy to the packaging guidelines. Maybe this draft can be useful. If a policy is created, I'd like to participate in the process. [1] https://in.waw.pl/~zbyszek/fedora/fedora-privacy-policy-draft-20210531.md Zbyszek -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue