On Tue, Jul 20, 2010 at 11:26:13PM +0200, Patrick Matthäi wrote: > Maybe the default value at d-i for popcon should be set to true > (report popcon statistics). > atm it is false. Absolutely not. An installed Debian machine should be silent by default. > Yes I know, that many people (I am including myself in general) > think, that we may abuse the data privacy with this default value, > but.. > > 1) if $user read the message, he still could decide to deactivate it > 2) with `installed packages only' I think no privacy data will be submitted > 3) we get more popcon data, which helps Debian and his users I have in the past worked for a non-profit where no sort of release of information was allowed. If the program crashed, we could not make a crash report because it might expose client information without us knowing it. This kind of policy is not at all unusual for non-profits, especially those in the medical field. Because of the potential for unexpected surprises, this will almost certainly result in a lost of trust in Debian by users and administrators. I cannot emphasize how bad an idea enabling reporting of even anonymized, non-personal data by default is. -- brian m. carlson / brian with sandals: Houston, Texas, US +1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
Attachment:
signature.asc
Description: Digital signature