[Fedora-legal-list] Privacy policy

[Josh Bressers]

> 
> == Automatic Bug Reporting ==
> Fedora contains tools designed to detect and report bugs when they occur
> on your system. These tools are configured so that the end-user must
> opt-in to reporting these bugs to us (either via a system-wide setting
> or on a case-by-case basis).
> 
> In reporting these bugs, we collect debugging information about the
> state of your system and its running applications. Every attempt is made
> to anonymize these reports and scrub them of personal information,
> however, it is possible that they may still contain personal information
> and/or information about your computer usage. Please keep this in mind
> before submitting these bug reports. By choosing to submit these
> reports, you are giving Fedora permission to use their contents, even if
> those contents contain personal information about you and/or your
> computer usage.
> 

I'm not comfortable with this message. It's extremely broad, and there some
loose ends we really should clarify.

1) What do we do about other things that collect user data (Firefox will
send bug reports to Mozilla, not Fedora, for example). We've mostly just
ignored this in the past as best as I can tell.

2) If we find personal information in a bug report, what will do we do?

3) What exactly are we collecting? This should be clearly defined so we
know where the line is, and when it gets crossed. It's easy for things like
to feature their way to being dangerous.

4) How long do we keep the data?


We also will need to ensure the Fedora privacy policy is adjusted to
reflect this.

-- 
Josh Bressers / Red Hat Product Security