On 10/27/20 9:57 PM, Olivier Lemasle wrote:
Hi all,
I'm packaging Open Policy Agent [1] (OPA) for Fedora. However, with version
0.20.0, OPA added a telemetry service, enabled by default, reporting to a
OPA-managed service the OPA version, a UUID and the build architecture (cf
changelog [2] and privacy information [3])
I didn't find any Fedora policy regarding this kind of opt-out telemetry, so I
asked the Fedora Packaging Commitee for advice [4]. I got advised to ask Fedora
community on this mailing list.
So do you think it is ok to package OPA as is, or should I patch it to make
telemetry opt-in by disabling it by default in the Fedora package?
More globally, what do you think should be done in Fedora packages when an
upstream project includes a telemetry service?
Fedora has always obeyed a "no phone home" policy, i.e. "no telemetry"
or other means of espionage by default.
Besides this, any "by default active telemetry" would likely be unlawful
in the EU, because it violates the GDPR[1]
Ralf
[1] https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
