Re: Free software telemetry and the Guix System

2021-05-15 Thread Bengt Richter
Hi all,

On +2021-05-14 16:52:25 -0400, Leo Famulari wrote:
> On Fri, May 14, 2021 at 06:55:34PM +, Cook, Malcolm wrote:
> > > If these claims are true, then I think this is quite satisfactory for
> > > our purposes. I wouldn't even object to enabling the telemetry code via
> > > the CMake build-time option, as long as it's "opt-in", i.e. that each
> > > user must explicitly enable it, and only after being made aware of the
> > > consequences of doing so.
> > > 
> > > What do you think?
> > 
> > My 2 cents:  I think the Audacity model is exemplary and your 
> > interpretation is spot on.  I personally want the option of enabling such 
> > telemetry, as it may well serve my needs and may also give the developer 
> > valuable usage and/or crash info which is the least I can provide in return 
> > for such a great FOSS app as Audacity.
> 
> +1
> 

My 2 cents:  :)

I like options, but I would feel more secure if it were implemented in a
separate, dynamically linked when opted-in,
    some-implementation.so
which I could get the kernel to prevent access to, e.g. by
    # chmod 400 some-implementation.so

-- 
Regards,
Bengt Richter
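
A sketch of the host side of the arrangement suggested in the message above, added here as an example; it is not code from Audacity, Guix or the poster. The symbol name `telemetry_send`, the `tm_*` names and the module path are hypothetical, and the permission case assumes the module file belongs to another user (for example root), so that mode 400 denies the running user read access and `dlopen` fails.

```c
/* Added example: host-side loader for an optional telemetry module.
   "telemetry_send" and the tm_* names are hypothetical. Older glibc: link -ldl. */
#include <dlfcn.h>
#include <stdio.h>

enum tm_state { TM_DISABLED, TM_BLOCKED, TM_ACTIVE };
typedef int (*tm_send_fn)(const char *event);

struct telemetry {
    enum tm_state state;
    void *handle;
    tm_send_fn send;
    char reason[256];   /* why loading failed, for the user to inspect */
};

/* Without opt-in the module file is never opened. With opt-in, any dlopen
   failure (file missing, or unreadable by this user) leaves telemetry off. */
enum tm_state telemetry_init(struct telemetry *t, int opted_in, const char *path)
{
    *t = (struct telemetry){ .state = TM_DISABLED };
    if (!opted_in)
        return t->state;

    t->handle = dlopen(path, RTLD_NOW | RTLD_LOCAL);
    if (t->handle)
        *(void **)(&t->send) = dlsym(t->handle, "telemetry_send");
    if (!t->send) {
        const char *err = dlerror();
        snprintf(t->reason, sizeof t->reason, "%s", err ? err : "symbol missing");
        if (t->handle) { dlclose(t->handle); t->handle = NULL; }
        return t->state = TM_BLOCKED;
    }
    return t->state = TM_ACTIVE;
}

/* Does nothing and returns 0 unless the module was loaded. */
int telemetry_report(const struct telemetry *t, const char *event)
{
    return t->state == TM_ACTIVE ? t->send(event) : 0;
}

int main(void)
{
    struct telemetry t;
    telemetry_init(&t, 1, "./some-implementation.so");
    printf("state=%d reason=%s\n", t.state, t.reason);
    return telemetry_report(&t, "startup");
}
```
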



Re: Free software telemetry and the Guix System

2021-05-15 Thread mjbecze
Also just to note, Guix already has software in it with telemetry. IPFS. It's 
disabled by default though.

On May 14, 2021 8:12 PM, Mark H Weaver wrote:
>
> Hi, 
>
> Bone Baboon  writes: 
> > What types of telemetry in free software programs are compatible with 
> > the Guix System? 
>
> The relevant text in the GNU FSDG is here: 
> 
>  
>
>   "No Malware 
>
>    The distro must contain no DRM, no back doors, and no spyware." 
>
> Of course, this depends on our understanding of what it means to be 
> "spyware".  There might be edge cases where this is not clear, but I 
> hope we can all agree that _any_ kind of telemetry *must* be disabled by 
> default. 
>
> > This is a general question but Audacity is a current example of a free 
> > software program that is in the process of introducing telemetry to some 
> > degree.  It does not look like Audacity has implemented telemetry yet. 
> > Here are two links that provide further information. 
> > 
> > https://github.com/audacity/audacity/pull/835 
>
> The opening message of that pull request states: 
>
>   "1. Telemetry is strictly optional and disabled by default.  No data 
>   is shared unless you choose to opt-in and enable telemetry. 
>    
>    2. Telemetry only works in the builds made by GitHub CI from the 
>   official repo (the telemetry URLs are only defined there). 
>    
>    3. If you are compiling Audacity from source, we will provide a CMake 
>   option to enable the telemetry code. This option will be turned 
>   off by default." 
>
> and: 
>
>    "Just to reiterate, telemetry is completely optional and disabled by 
>     default. We will try to make it as clear as possible exactly what 
>     data is collected if the user chooses to opt-in and enable 
>     telemetry. We will consider adding the fine-grained controls that 
>     some of you have asked for." 
>
> If these claims are true, then I think this is quite satisfactory for 
> our purposes.  I wouldn't even object to enabling the telemetry code via 
> the CMake build-time option, as long as it's "opt-in", i.e. that each 
> user must explicitly enable it, and only after being made aware of the 
> consequences of doing so. 
>
> What do you think? 
>
> Thanks for raising this issue. 
>
>   Regards, 
>     Mark 
>
> -- 
> Disinformation flourishes because many people care deeply about injustice 
> but very few check the facts.  Ask me about . 
>


Re: Free software telemetry and the Guix System

2021-05-14 Thread Leo Famulari
On Fri, May 14, 2021 at 06:55:34PM +, Cook, Malcolm wrote:
> > If these claims are true, then I think this is quite satisfactory for
> > our purposes. I wouldn't even object to enabling the telemetry code via
> > the CMake build-time option, as long as it's "opt-in", i.e. that each
> > user must explicitly enable it, and only after being made aware of the
> > consequences of doing so.
> > 
> > What do you think?
> 
> My 2 cents:  I think the Audacity model is exemplary and your interpretation 
> is spot on.  I personally want the option of enabling such telemetry, as it 
> may well serve my needs and may also give the developer valuable usage and/or 
> crash info which is the least I can provide in return for such a great FOSS 
> app as Audacity.

+1



RE: Free software telemetry and the Guix System

2021-05-14 Thread Cook, Malcolm

 
> Bone Baboon  writes:
> > What types of telemetry in free software programs are compatible with
> > the Guix System?
> 
> The relevant text in the GNU FSDG is here:
> 
> 
> "No Malware
> 
> The distro must contain no DRM, no back doors, and no spyware."
> 
> Of course, this depends on our understanding of what it means to be
> "spyware". There might be edge cases where this is not clear, but I
> hope we can all agree that _any_ kind of telemetry *must* be disabled by
> default.
> 
> > This is a general question but Audacity is a current example of a free
> > software program that is in the process of introducing telemetry to some
> > degree. It does not look like Audacity has implemented telemetry yet.
> > Here are two links that provide further information.
> >
> > https://github.com/audacity/audacity/pull/835
> 
> The opening message of that pull request states:
> 
> "1. Telemetry is strictly optional and disabled by default. No data
> is shared unless you choose to opt-in and enable telemetry.
> 
> 2. Telemetry only works in the builds made by GitHub CI from the
> official repo (the telemetry URLs are only defined there).
> 
> 3. If you are compiling Audacity from source, we will provide a CMake
> option to enable the telemetry code. This option will be turned
> off by default."
> 
> and:
> 
> "Just to reiterate, telemetry is completely optional and disabled by
> default. We will try to make it as clear as possible exactly what
> data is collected if the user chooses to opt-in and enable
> telemetry. We will consider adding the fine-grained controls that
> some of you have asked for."
> 
> If these claims are true, then I think this is quite satisfactory for
> our purposes. I wouldn't even object to enabling the telemetry code via
> the CMake build-time option, as long as it's "opt-in", i.e. that each
> user must explicitly enable it, and only after being made aware of the
> consequences of doing so.
> 
> What do you think?

My 2 cents:  I think the Audacity model is exemplary and your interpretation is 
spot on.  I personally want the option of enabling such telemetry, as it may 
well serve my needs and may also give the developer valuable usage and/or crash 
info which is the least I can provide in return for such a great FOSS app as 
Audacity.

> 
> Thanks for raising this issue.
> 
> Regards,
> Mark
> 


Re: Free software telemetry and the Guix System

2021-05-14 Thread Mark H Weaver
Hi,

Bone Baboon  writes:
> What types of telemetry in free software programs are compatible with
> the Guix System?

The relevant text in the GNU FSDG is here:


  "No Malware

   The distro must contain no DRM, no back doors, and no spyware."

Of course, this depends on our understanding of what it means to be
"spyware".  There might be edge cases where this is not clear, but I
hope we can all agree that _any_ kind of telemetry *must* be disabled by
default.

> This is a general question but Audacity is a current example of a free
> software program that is in the process of introducing telemetry to some
> degree.  It does not look like Audacity has implemented telemetry yet.
> Here are two links that provide further information.
>
> https://github.com/audacity/audacity/pull/835

The opening message of that pull request states:

  "1. Telemetry is strictly optional and disabled by default.  No data
  is shared unless you choose to opt-in and enable telemetry.
   
   2. Telemetry only works in the builds made by GitHub CI from the
  official repo (the telemetry URLs are only defined there).
   
   3. If you are compiling Audacity from source, we will provide a CMake
  option to enable the telemetry code. This option will be turned
  off by default."

and:

   "Just to reiterate, telemetry is completely optional and disabled by
default. We will try to make it as clear as possible exactly what
data is collected if the user chooses to opt-in and enable
telemetry. We will consider adding the fine-grained controls that
some of you have asked for."

If these claims are true, then I think this is quite satisfactory for
our purposes.  I wouldn't even object to enabling the telemetry code via
the CMake build-time option, as long as it's "opt-in", i.e. that each
user must explicitly enable it, and only after being made aware of the
consequences of doing so.

What do you think?

Thanks for raising this issue.

  Regards,
Mark

-- 
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about .



Free software telemetry and the Guix System

2021-05-13 Thread Bone Baboon
What types of telemetry in free software programs are compatible with
the Guix System?

This is a general question but Audacity is a current example of a free
software program that is in the process of introducing telemetry to some
degree.  It does not look like Audacity has implemented telemetry yet.
Here are two links that provide further information.

https://github.com/audacity/audacity/pull/835

https://github.com/audacity/audacity/discussions/889