[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Andreas Barth: How to (not) protect privacy

On Tue, Mar 02, 2010 at 10:57:28AM +0100, Lucas Nussbaum wrote:
> So, here is the status.
> To make progress towards a web interface for DDPO-by-mail, which was
> asked in [1], and a way to generate the email automatically (instead of
> manually[2]), I imported the list of PTS subscribers into UDD.
> [1] http://lists.debian.org/debian-devel/2010/02/msg00302.html
> [2] http://lists.debian.org/debian-devel/2010/02/msg00341.html
> The list of (package, subscribers) is already available to DDs on
> master.d.o (/org/packages.qa.debian.org/bin/get-summary-subscribers.pl),
> so the fact that this information is also available to DDs in UDD is
> nothing new.

This does not bother me. I trust DDs with this like I trust them not to
trash my /.

> However, data stored in UDD is also available to a wider public:
> - people with an alioth SSH access can access UDD even if they are not
>   DDs
> - data is exposed on the web at http://udd.debian.org/

This *does* bother me. There is no reason for my subscription preferences
to be available to either of these groups of people (where the latter is
everybody in the world).

> That sounds like an acceptable compromise to me. Of course, it can be
> revisited, but I'm not sure of what would be an acceptable compromise,
> so I'm not going to propose anything here.

An acceptable compromise to me is to email the results of the cgi to
the address in question, or failing that - to be able to opt-out (or in)
to such a service.

Jonathan Wiltshire, who is not a DD but can still see your subscriptions.

1024D: 0xDB800B52 / 4216 F01F DCA9 21AC F3D3  A903 CA6B EA3E DB80 0B52
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Attachment: signature.asc
Description: Digital signature

Reply to: