public inbox for gentoo-project@lists.gentoo.org
 help / color / mirror / Atom feed
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-project <gentoo-project@lists.gentoo.org>
Subject: Re: [gentoo-project] Questions for Gentoo Council nominees: GLEP 76
Date: Tue, 2 Jul 2019 07:57:59 -0400	[thread overview]
Message-ID: <CAGfcS_mpUZt_dF4vwmt4JJnwJjUgOoZqLX4FTzzgr_qo6YNOnw@mail.gmail.com> (raw)
In-Reply-To: <d59f4b8e-e4fc-3a0d-21cf-168032a02b74@gentoo.org>

On Tue, Jul 2, 2019 at 12:24 AM desultory <desultory@gentoo.org> wrote:
>
> On 07/01/19 07:59, Rich Freeman wrote:
> > On Mon, Jul 1, 2019 at 1:02 AM desultory <desultory@gentoo.org> wrote:
> >>
> >> publishing PII purely on the basis of disciplinary
> >> considerations could be quite reasonably considered to be an outrageous
> >> overreach. There are reasons that "doxing" is generally considered to be
> >> rather reprehensible.
> >
> > It obviously is reprehensible.  However, nobody is suggesting
> > publishing PII for any reason, and I have no idea where this idea even
> > came from.
> >
> How, exactly, is a requirement to provide and publish "legal name as a
> natural person, i.e., the name that would appear in a government issued
> document" [GLEP76] not a requirement to publish persona data [PII]?

It isn't an issue if the person involved publishes itself and Gentoo
is merely the medium, IMO.

> > Furthermore, I do not think that Gentoo should be collecting PII under
> > conditions of confidentiality for any reason in the first place.  Nor
> > should we be doing any activities that require us to do so, such as
> > accepting money from people, or paying people.  IMO we do not have the
> > demonstrated ability to do this in a safe and compliant manner, and we
> > have a history of not performing legally-required activities in a
> > compliant manner.
> >
> Too late, Gentoo has multiple services which collect some form of PII
> (e.g. the EU considers an IP address to be, at least potentially, PII),
> and retain at least some of that data without publishing it.

I said that I don't think that it should be.  I never claimed that it wasn't.

> > For this reason, I think it would be a big mistake to allow people to
> > contribute under pseudonyms under the condition that they reveal their
> > real identities to some Gentoo body that would retain this information
> > in confidentiality.  That would expose Gentoo to a rather large number
> > of privacy laws in a large number of places, for IMO little gain.
> >
> So, under the mistaken premise that Gentoo does not collect or retain
> any form of PII you believe that Gentoo should not collect or retain any
> PII, correct?

I never said that Gentoo doesn't collect PII.  I said it shouldn't.
And it shouldn't.

> Knowing that Gentoo does indeed collect and retain some PII, does your
> opinion change?

No.  Obviously whatever PII we do collect needs to be properly
protected, just as we ought to be filing taxes and doing various other
things that we have trouble doing.

In both cases the problem can simply be avoided by structuring
ourselves in a manner that doesn't introduce the burden of compliance.

> LDAP, though most of that data is now published in some form it is still
> by and large a collection of PII.

We should not collect non-public PII in LDAP.  There is no harm in
allowing individuals to freely list their names/locations/etc if they
wish, but we shouldn't have anything in the database, other than
passwords or similar credentials, which isn't just published on the
website.  Hence there should be nothing to steal (well, other than
passwords, and those are useless after they are changed).

As I understand it we've already been pushing to eliminate much of the
PII from LDAP as it is - I'm curious as to what still remains that
would be of concern.  In particular I believe the birthdate field was
dropped some time ago.  Much of the rest gets published in the
directory/etc and so it isn't anything that isn't open to see.

> > None of this is intended as some kind of attack on Trustees/Infra/etc.
> > They're volunteers doing the best they can do without pay, and
> > generally trying to clean up after a long period of neglect.  It is
> > simply a fact that if you have nothing to steal, then it is impossible
> > to steal it, and no effort is required to protect it.
>
> Believing that you have nothing worth stealing is no defense against
> those who believe that you do and intend to take it.

I never claimed that we should shield ourselves with "belief."  I said
we shouldn't have anything to steal in the first place.

Sure, that won't stop people from trying.  It will definitely stop
them from succeeding.

-- 
Rich


  reply	other threads:[~2019-07-02 11:58 UTC|newest]

Thread overview: 110+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-06-15  9:42 [gentoo-project] Questions for Gentoo Council nominees Andrew Savchenko
2019-06-15  9:49 ` [gentoo-project] Questions for Gentoo Council nominees: GLEP 76 Andrew Savchenko
2019-06-15 10:20   ` Ulrich Mueller
2019-06-15 16:17   ` Kristian Fiskerstrand
2019-06-16 22:01   ` Thomas Deutschmann
2019-06-18 14:12   ` William Hubbs
2019-06-18 15:43     ` Luca Barbato
2019-06-18 15:47       ` William Hubbs
2019-06-24 22:18   ` Andrew Savchenko
2019-06-25  6:15     ` Michał Górny
2019-06-28 11:49       ` Andrew Savchenko
2019-06-28 12:09         ` Rich Freeman
2019-06-28 17:51           ` Andrew Savchenko
2019-06-30  4:48           ` desultory
2019-06-30 18:53             ` Rich Freeman
2019-07-01  5:02               ` desultory
2019-07-01 11:59                 ` Rich Freeman
2019-07-02  4:24                   ` desultory
2019-07-02 11:57                     ` Rich Freeman [this message]
2019-07-03  4:31                       ` desultory
2019-07-03 11:13                         ` Rich Freeman
2019-07-04  4:32                           ` desultory
2019-06-30  7:11   ` Patrick Lauer
2019-06-30  7:42     ` Michał Górny
2019-06-30  8:03       ` Patrick Lauer
2019-06-30 22:27         ` Robin H. Johnson
2019-07-01  1:31           ` Thomas Deutschmann
2019-06-15 10:00 ` [gentoo-project] Questions for Gentoo Council nominees: Power balance Andrew Savchenko
2019-06-15 10:34   ` Ulrich Mueller
2019-06-15 21:25   ` Andreas K. Huettel
2019-06-16  7:31   ` Mikle Kolyada
2019-06-16 15:56   ` Roy Bamford
2019-06-16 22:18   ` Thomas Deutschmann
2019-06-17  1:38   ` Kristian Fiskerstrand
2019-06-18 14:41   ` William Hubbs
2019-06-30  7:26   ` Patrick Lauer
2019-06-15 10:24 ` [gentoo-project] Questions for Gentoo Council nominees: Bringing new people Andrew Savchenko
2019-06-15 16:24   ` Kristian Fiskerstrand
2019-06-15 21:23   ` Andreas K. Huettel
2019-06-16 18:51   ` Mikle Kolyada
2019-06-16 22:21   ` Thomas Deutschmann
2019-06-19  2:39   ` William Hubbs
2019-06-16 18:09 ` [gentoo-project] Questions for Gentoo Council nominees: Gentoo as hobbyist distro Michał Górny
2019-06-16 19:13   ` Kristian Fiskerstrand
2019-06-16 22:39   ` Thomas Deutschmann
2019-06-19  6:24   ` Mikle Kolyada
2019-06-19 15:45     ` William Hubbs
2019-06-21 14:55       ` Mikle Kolyada
2019-06-19 14:32   ` William Hubbs
2019-06-20 14:48   ` Andreas K. Huettel
2019-06-21 13:21 ` [gentoo-project] Questions for Gentoo Council nominees: your achievements Michał Górny
2019-06-21 20:46   ` Kristian Fiskerstrand
2019-06-21 22:59   ` Georgy Yakovlev
2019-06-22  6:44   ` Ulrich Mueller
2019-06-22  7:06     ` Michał Górny
2019-06-22 22:57   ` Mikle Kolyada
2019-06-24 11:05     ` Mart Raudsepp
2019-06-24 11:25 ` [gentoo-project] Questions for Gentoo Council nominees: traits of a good Council member Michał Górny
2019-06-24 23:23 ` [gentoo-project] Questions for Gentoo Council nominees: Gentoo Foundation Robin H. Johnson
2019-06-26 19:45   ` Kristian Fiskerstrand
2019-06-26 21:54     ` Matthew Thode
2019-06-26 22:03       ` Kristian Fiskerstrand
2019-06-26 22:06         ` Kristian Fiskerstrand
2019-06-26 22:13           ` Matthew Thode
2019-06-26 22:28             ` Kristian Fiskerstrand
2019-06-30 19:21             ` Andreas K. Huettel
2019-06-26 22:08         ` Matthew Thode
2019-06-26 22:15         ` Michael Everitt
2019-06-26 22:22           ` Kristian Fiskerstrand
2019-06-28 23:49           ` Andreas K. Huettel
     [not found]             ` <20190630215422.GA22747@bubba.lan>
2019-06-30 21:55               ` Aaron Bauman
2019-07-01  7:50                 ` Michał Górny
2019-07-01  9:31                   ` Roy Bamford
2019-07-01  9:52                     ` Michał Górny
2019-07-01 10:02                       ` Michael Everitt
2019-07-01 10:04                         ` Michael Everitt
2019-07-01 19:42                         ` Andreas K. Huettel
2019-07-01 19:44                           ` Andreas K. Huettel
2019-07-01 20:10                             ` Alec Warner
2019-07-01 21:14                               ` Roy Bamford
2019-07-02 12:40                                 ` Kristian Fiskerstrand
2019-07-01 11:26                       ` Roy Bamford
2019-07-01 12:07                         ` Rich Freeman
2019-07-01 19:34                         ` Andreas K. Huettel
2019-07-03  4:42                           ` desultory
2019-07-03  6:12                           ` [gentoo-project] Questions for Gentoo Council nominees: Gentoo Foundation - Treasurer Response! Robin H. Johnson
2019-07-03  9:51                             ` Michael Everitt
2019-07-03 10:47                             ` Rich Freeman
2019-07-03 11:05                               ` Michael Everitt
2019-07-03 11:22                                 ` Rich Freeman
2019-07-03 11:27                               ` Kristian Fiskerstrand
2019-07-03 12:27                                 ` Rich Freeman
2019-07-03 13:45                                   ` Kristian Fiskerstrand
2019-07-03 12:56                             ` [gentoo-nfp] " Michał Górny
2019-07-03 13:08                               ` Rich Freeman
2019-07-03 13:17                                 ` Michał Górny
     [not found]                                 ` <20190703143429.yfieiru7cyykr5ca@gentoo.org>
     [not found]                                   ` <6b84c0a026551472a05e776921182ba8dae6fb1e.camel@gentoo.org>
     [not found]                                     ` <138757e484f751d567fb2702ce27de3e3e215a15.camel@gentoo.org>
2019-07-04  2:05                                       ` [gentoo-nfp] Re: [gentoo-project] Questions for Gentoo Council nominees: Gentoo Foundation - Treasurer Response! (part 2) Robin H. Johnson
2019-06-30 10:36 ` [gentoo-project] Questions for Gentoo Council nominees Roy Bamford
2019-06-30 16:48   ` Thomas Deutschmann
2019-06-30 20:17   ` Andreas K. Huettel
2019-07-04  2:14 ` [gentoo-project] Questions for Gentoo Council nominees: Council demands on maintainers & council legal liability Robin H. Johnson
2019-07-04  6:26   ` Michał Górny
2019-07-04  8:03   ` Kristian Fiskerstrand
2019-07-04 20:33     ` Alec Warner
2019-07-04 23:46       ` Kristian Fiskerstrand
2019-07-06  2:54         ` desultory
2019-07-04 13:36   ` Thomas Deutschmann
2019-07-04 16:37     ` Ulrich Mueller
2019-07-04 18:49       ` Thomas Deutschmann
2019-07-04 19:22         ` Ulrich Mueller

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CAGfcS_mpUZt_dF4vwmt4JJnwJjUgOoZqLX4FTzzgr_qo6YNOnw@mail.gmail.com \
    --to=rich0@gentoo.org \
    --cc=gentoo-project@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox