On Friday, June 07, 2013 11:15:17 AM Evan Dandrea wrote: > On 7 June 2013 10:00, Robie Basak <robie.ba...@canonical.com> wrote: > > On Thu, Jun 06, 2013 at 04:19:46PM -0400, Scott Kitterman wrote: > >> Of course this should be defaulted to no. Given that the reports to > >> e.u.c are treated as more sensitive than crash reports to Launchpad, it > >> is at best counter-intuitive to expect that sending reports is a > >> reasonable default. > Actually, reports to Launchpad are not intended to be treated as any > less sensitive. We've just been slow to move access to crash report > data in Launchpad bugs over to the NDA. The same concern is there: > without an NDA, there's absolutely no recourse to someone doing > malicious things with the private data found in those reports, whether > they be on errors.ubuntu.com or bugs.launchpad.net. > > ~ubuntu-bugcontrol was expedient and well-intentioned, but it's a gamble. > > Perhaps I'm misunderstanding what you're saying, Scott? I don't see > how having the contract between our users and the developers wishing > to look at that potentially sensitive data, laying out the terms for > doing so, makes sending the reports an unreasonable default when > compared against not having such an agreement in place.
I don't understand why it's required for e.u.c, but no Launchpad. It doesn't make any sense to require it for one and not the other. I doubt the NDA gives Canonical much in the way of recourse in any case. I'm not sure "we let you see bug reports so you can work on fixing our product for free" would qualify as consideration sufficient to make the NDA an actual contract (IANAL, so who knows really). Have we ever had a problem with developers not treating crash reports with sufficient care? If not, I wonder why it's worth inhibiting access to useful data in order to solve a problem we aren't having. Scott K > On Thu, Jun 06, 2013 at 12:44:47PM -0700, Clint Byrum wrote: > > Turning this on without explicit user authorization would be a > > breach of confidence in Ubuntu Server. > > More info: https://wiki.ubuntu.com/ServerTeam > > That was not suggested. This is not a default without consent. > > For the interactive case, the user has a section of text explaining > the choice in front of them, with the default cursor position being on > "Yes, I would like to help make Ubuntu better by submitting error > reports." This does not turn on something behind the backs of users > who wouldn't want it, but it does make less work for the vast majority > who would find the notion of Ubuntu getting better as result of > sending a small amount of data a worthy proposition. > > Now, Alex makes a really good point: > > On 6 June 2013 20:01, Alex Muntada <al...@alexm.org> wrote: > > Though i understand that enabling it by default the number of reports > > will be much bigger, i'd prefer a more conservative approach and set > > the default to No. Even if one can set that value via preseed, it's > > difficult to make so unless one's aware of its existence first. And > > providing that many server installations are unattended nowadays, i > > see that the Yes default could raise many concerns about the privacy > > of the reports. > > We should definitely not do this. If the value is not preseeded, it > should not default to true. We have not explained to those people what > they'd be agreeing to. However, I believe it still makes sense to have > the default action within an interactive d-i session to be "yes". All > of this is achievable in the debconf protocol. > > The error reporting system is nothing new. We have an excellent track > record in being protective of the data submitted to this system from > lots of desktop systems, giving data access only to those who can sign > a legally-binding agreement to not misuse it, provide us with real > world contact details, and demonstrate a valid use for their access. > Abusers can and will be prosecuted, but we know our development > community; these are good people. > > There have already been well documented cases of serious issues being > discovered by https://errors.ubuntu.com that would've never been > uncovered using the old developer-centric opt-in approach of apport > reporting into Launchpad bugs. It is not a stretch to say there's a > strong connection between the variety of reports we get and our > further understanding of what the most important issues in Ubuntu are. > > On the desktop, we already present exactly this kind of question > that's being proposed for d-i, with the default being to agree to > send. To date, none of the owners of the millions of systems reporting > into errors.ubuntu.com have burned my house down. So is it realistic > to think when presented with an option of "yes, I would like to make > Ubuntu better" (given I'm kind of relying on it for my computer to > function) and "no thanks", the negative response is the more likely > choice? > > I think we're doing our users a disservice by being so pessimistic, > assuming they're uninterested in participating in making the best > operating system we can. > > Thanks for listening. You'd also need to check what priority questions debconf is set to ask if you're going to default it to true (which I think is a mistake - I think people interested in contributing will flip the switch, while defaulting to true will cause people who don't care to contribute to have a negative opinion about Ubuntu Server). Depending on how the question priorities are set, your question may never get asked. Scott K P.S. Replying to all since apparently not everyone is subscribed to the server list -- ubuntu-server mailing list ubuntu-server@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-server More info: https://wiki.ubuntu.com/ServerTeam
