[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: making developer location from ldap public?

Russ Allbery <rra@stanford.edu> writes:

> Thomas Bushnell BSG <tb@becket.net> writes:
>> I understand why it must be optional, but I'm unclear why that means
>> that the default must be opt-in.  Can you explain?
>> We are talking about Debian Developers, who are supposed to read their
>> email.  We can easily give people fair warning, and then make the
>> change.
> Would not changing a privacy policy in that fashion with only opt-out
> notification be illegal in countries with real privacy laws?  I know I
> personally would consider it akin to the sorts of games that commercial
> companies play with my personal information.

I suppose this is what I mean by "we are talking about Debian
Developers".  We're not keeping personal information on customers, or
people with a peripheral relationship; these are *members* of the

I don't know what I think about it, but the question of whether it
violates a law is not the question that Ted was raising.  If we don't
know of actual laws that control, then that isn't the thing that's in
play here.

Also, the opt-out procedure is not like they have to opt-out of the
organization entirely.

Still, I tend to think that the reasons for making it public are
pretty weak, so I'm not so much in favor of that at all, if the
alternative is developers' ceasing to give the information as the only
way of keeping it private.

But that's a separate question from whether it should be opt-in or
opt-out once a decision to change it is made.


Reply to: