On Wed, Sep 02, 2015 at 12:47:59PM -0400, Matthew Miller wrote:
On Wed, Sep 02, 2015 at 05:58:23PM +0200, Pierre-Yves Chibon wrote:
> >
https://fedoraproject.org/wiki/User:Spot/PrivacyPolicyProposal
> Sharing Your Personal Information
>
> ""
> we may disclose personally identifiable information about you to third parties
> in limited circumstances, including:
> ...
> - for research activities, including the production of statistical reports (such
> aggregated information is used to describe our services and is not used to
> contact the subjects of the report).
> ""
>
> Is this really something we want to do?
Possibly. I think, for example, this would cover reports from Bitergia
(an open source analytics company based in Spain).
<
http://bitergia.com/>
They do metrics for Wikimedia:
*
http://korma.wmflabs.org/browser/
OpenStack:
*
http://activity.openstack.org/dash/browser/
and several Red Hat projects:
*
http://projects.bitergia.com/redhat-glusterfs-dashboard/browser/
*
http://projects.bitergia.com/redhat-rdo-dashboard/browser/
*
http://metrics.ceph.com/
*
http://www.ovirt.org/stats/
I believe there was an instance in the distant past where an
open-source friendly sociological researcher used aggregated community
data to produce a report. IIRC she had access to PII in order to
aggregate and compile the data, but the output report (being
aggregated) could not be used to identify anyone. This would be
similar to the "State of Fedora" case that Máirín raised.
Third parties do not automatically have access to PII. Access is
controlled by all our normal measures, as well as reviewed by the
Infrastructure team and leadership. That is at least in part what
"limited access" means. This is not a blanket permission for access
to PII. :-)
--
Paul W. Frields
http://paul.frields.org/
gpg fingerprint: 3DA6 A0AC 6D58 FEC4 0233 5906 ACDB C937 BD11 3717
http://redhat.com/ - - - -
http://pfrields.fedorapeople.org/
The open source story continues to grow:
http://opensource.com