On Thu, Jul 18, 2024 at 09:48:21AM +0000, Zbigniew Jędrzejewski-Szmek wrote: > On Wed, Jul 17, 2024 at 02:13:12PM -0500, Michel Lind wrote: > > On Wed, Jul 17, 2024 at 02:45:31PM -0400, Matthew Miller wrote: > > > On Sun, Jul 14, 2024 at 04:14:03AM +0200, Kevin Kofler via devel wrote: > > > > That said, it is not sufficient to reject adding Fedora downstream spyware. > > > > Fedora also needs a policy that upstream "telemetry" spyware is not allowed > > > > and needs to be disabled at compile time or patched out. We have several > > > > packaged applications wanting to "phone home" for this kind of "anonymized > > > > usage statistics". This should not be allowed in a privacy-concious > > > > distribution. > > > > > > I'm not convinced that that's the exact policy we want, but I do agree that > > > we should have a stated policy. There was some work on a "privacy policy for > > > the OS" a while ago, but that basically ran aground in the choppy waters of > > > legal statements -- and I think a similar attempt would run into the same > > > problems. But, we could have a policy that _isn't_ a legal statement; > > > basically a packaging guideline. > > > > > I'd be happy to help with that - should Council look at this first or > > should this go straight to either FESCo or FPC? > > Hi, > > a long time ago I wanted to propose a more formal policy for privacy > behaviours and I wrote this draft [1]. My idea was that we'd first > create and approve such a policy, and then add the conformance to this > policy to the packaging guidelines. Maybe this draft can be useful. > If a policy is created, I'd like to participate in the process. > > [1] https://in.waw.pl/~zbyszek/fedora/fedora-privacy-policy-draft-20210531.md FWIW, that could have a "debuginfod" section added, since that transmits info about software you're debugging to Fedora infra - IIUC even if it is not Fedora built/distributed software With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
