I'm working on an RPM package for MeshLab, a GPL'd program for processing unstructured 3D triangular meshes:
http://meshlab.sourceforge.net/
My interest is that it is useful with 3D printers, e.g. RepRap, MakerBot, or even commercial printers.
The Licenses page of the MeshLab wiki gives a privacy disclaimer stating that it phones home periodically to check for availability of updated versions, and that it uploads some aggregated statistical data about the average number and size of the opened/saved meshes. Nothing personally identifiable, though they obviously could capture the source IP address:
http://meshlab.sourceforge.net/wiki/index.php/Licenses
Their answer is for people that don't want that to use a firewall. I don't think that it's acceptable for software to phone home without the user's explicit consent, and that the user shouldn't have to take positive action such as installing or configuring a firewall to prevent that connection.
Is there a Fedora policy about this kind of thing? It seems analogous to Anaconda uploading system information, which is only done with user consent.
Would there be a problem with Fedora accepting a package if I patch it to disable network connections unless the user sets an environment variable to allow them? I would document that in a README.fedora doc file that I'd put in the package.
Thanks! Eric
[my question about MeshLab phoning home]
It turns out that the Debian folks had this same issue, and the developer added a compile-time option __DISABLE_AUTO_STATS__ for that reason. I'll define that in my spec file, so I expect that there should be no issue.
Given that they want the stats for funding purposes, I think it would be better if they asked the user the first time the program was run, but I'll leave it up to them to do that if they want it.
Eric
On Tue, Jan 26, 2010 at 18:46:32 -0800, Eric Smith eric@brouhaha.com wrote:
The Licenses page of the MeshLab wiki gives a privacy disclaimer stating that it phones home periodically to check for availability of updated versions, and that it uploads some aggregated statistical data about the
Updates should come through Fedora so there shouldn't be a need to check their site for updates.
average number and size of the opened/saved meshes. Nothing personally identifiable, though they obviously could capture the source IP address:
This should be opt in or dropped.