On Fri, Apr 01, 2022 at 07:02:15PM +0200, Jonathan Carter wrote: > Hi Adrian
Hi Jonathan, >... > I'm not sure bringing in the lawyer as a first step is optimal, they are > expensive and will probably tell us a lot of things we already know. IMHO > it's better to do some initial groundwork, compile a list of issues that we > need help on, and then take that to the lawyer for further input. usually trying to solve legal issues without consulting a lawyer early ends up being more expensive. >... > So, I would appreciate it if the data protection team could look into all of > the issues we know of in Debian, but I'd also like there to be a process > where people can file issues with the data protection team. >... > So, I think it's more important to take care of known issues and low hanging > fruit before getting a lawyer involved. I also think it's a good idea to > make it easy to file issues as they are found, and would like to know if the > Data Protection team has any ideas or if they would consider implementing > anything like the above. It might not have been intended, but to me this comes across like stalling, trying to avoid addressing the big problems - we all know from our BTS that "filing issues" does not necessarily imply that anything will ever happen. Would you commit to something more specific, like that our Data Protection team will reply to debian-project within 3 months discussing all issues mentioned in the discussion at [1] so far, and with their reply having been proof-read by our GDPR lawyer? > -Jonathan cu Adrian [1] https://lists.debian.org/debian-project/2022/03/msg00008.html