about the CLA request

Patrice Dumas pertusus at free.fr
Sat Aug 27 09:42:54 UTC 2005 

> You and the Fedora admins have access to view and change your info. Your
> info will be used inside Fedora if there is ever a legal problem with
> Fedora code, and we need to track you down in order to help establish 
> facts of the case.

In my opinion this should be stated in the 
https://admin.fedora.redhat.com/accounts/
page.

For example after 
"If you'd like to get Fedora Extras CVS commit access, filling out this form is
the first step you should take."

there should be something like:

"Some personnal information are needed, namely your address and telephone 
number. This is required such that if there is ever a legal problem with
Fedora code, and there is a need to track you down in order to help establish
facts of the case. This information will not be communicated to entities
outside the ``the Fedora account management system (replace by something
more adequate)'' except in that case and in that case they will only be
communicated to official parties (justice, police...). 

You can modify this information afterwards at any time. The Fedora admins
``here an explanation of who they are if relevant'' also have access to 
that information and may modify it."

> I can imagine in the future the marketing team will use this info to send
> goodies to people as rewards, but if that should happen, it will require
> changes on the technical level, as well as a policy decision by the
> appropriate team.

I think that it should be better if it was possible for the contributor
to say explicitely that he doesn't want his private information to be used
for anything else than the reason stated above. For example there could
be a checkbox at the end of the form like

" X     do you accept that your personnal information could be used by the
       marketing team to send you goodies?"  

And afterwards, each time the datas could be used for another purpose,
a new possibility to opt-in or out (opting out being the default for existing
account, could be in for new accounts) should be added to the existing 
account management form.

> If you are interested in the governance & policies of the Fedora project,
> a good thing to do right now is to review the minutes of each FESCO
> meeting and provide your opinions on them.

I have read them all and found nothing informative about the CLA/account
creation process. It is more a list of items discussed and don't carry 
that level of details.

> I know Europe has more stringent privacy laws. While we don't follow them
> to the letter, we do try to follow the spirit of respecting your privacy
> by keeping your personal information private.

In France (don't know about other countries) there is a bit more, and I
think this is right. More precisely, what is missing from the existing
statements is the requirement corresponding with the following:

* a data must have a purpose and the information should not be used for
  another purpose. This purpose should be stated at the time the information
  is collected.

Another thing is missing namely a declaration that the information will be
secured, by the mean of encryption of the communication and protection of the
datas, but I don't think it is important there, we all know that!

The proposal I made above tries to fill that gap.

--
Pat

More information about the fedora-extras-list mailing list