[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to (not) protect privacy


 You are aware that it's not a very good idea to put the name of someone
into the subject? Both a bad style it doesn't really help the discussion
temper, actually Pi's Law says that you lost the thread right ahead. :)

* Lucas Nussbaum <lucas@lucas-nussbaum.net> [2010-03-02 10:57:28 CET]:
> For context, Andreas is replying to http://www.lucas-nussbaum.net/blog/?p=453
> I'm not sure why people start discussions on blogs, when we have mailing
> lists for that.

 Maybe because you announce stuff on blogs when we have mailing lists
for that.

> The list of (package, subscribers) is already available to DDs on
> master.d.o (/org/packages.qa.debian.org/bin/get-summary-subscribers.pl),
> so the fact that this information is also available to DDs in UDD is
> nothing new.

 This is known and accepted.

> However, data stored in UDD is also available to a wider public:
> - people with an alioth SSH access can access UDD even if they are not
>   DDs
> - data is exposed on the web at http://udd.debian.org/

 This is the issue that receive the objections, mostly because it wasn't
discussed or announce before it happened, and thus is an extremely bad
approach. One would have hoped that we are able to learn from past
similar issues, unfortunately we are doing it again.

 Changes to sensitive data have to be discussed and agreed on *before*
they get implemented, not the other way round.

> When importing the PTS subscribers in UDD, I made a compromise between
> privacy and usefulness, similar to the ones we already make elsewhere in
> Debian (PTS, DDPO, BTS, even Sources/Packages files).

 This decision unfortunately isn't up to you to do on top of the
developer body, you aren't special empowered by anything to make such
decisions on breaking privacy for others, especially not only for DDs
but also for contributors.

> To protect us from potential email harvesters,

 That's a valid and nice concern, but it unfortunately isn't the only

> The CGI that is being discussed in Andreas' blog only exposes, for a
> given email address, the list of packages where the mail is Maintainer:
> or Uploader:, but is not subscribed on the PTS.

 Even when it's limited to this you still did make a decision that
concerns privacy issues for the whole developer body, including non-DDs.
And also, through alioth's udd access to any alioth user.

> So, the worst thing that can happen using this CGI is that someone,
> knowing the email address of a Debian contributor (easy), can get the
> list of packages that this contributor maintains or co-maintains, but is
> NOT subscribed to on the PTS.

 ... through that cgi. The next convern is with respect to the data
stored in UDD that is through that interface offered to a much bigger
audience than what the data originally was exposed to.

> That sounds like an acceptable compromise to me.

 It might sound like that to you, but you don't have the grounds to
decide that for the rest of the developer and user base. Actually this
sounds close to a DMUP violation, but I don't want to call up that
process, I much rather want you to understand and respect the privacy of
your fellow developers and our users.


Reply to: