#991 Policy regarding opt-out telemetry and privacy
I'm packaging Open Policy Agent [1] (OPA). Since my original review request [2], OPA released new versions, so I'm updating the package.

However, with version 0.20.0, OPA added a telemetry service, enabled by default, reporting to an OPA-managed service the OPA version, a UUID and the build architecture (cf. changelog [3] and privacy information [4]).

I didn't find any Fedora policy regarding this kind of opt-out telemetry. Is it ok to package OPA as is, or should I patch it to make telemetry opt-in by disabling it by default in the Fedora package?

It would be great to document the Fedora policy regarding this issue.

[1] https://www.openpolicyagent.org/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1821496
[3] https://github.com/open-policy-agent/opa/releases/tag/v0.20.0
[4] https://www.openpolicyagent.org/docs/latest/privacy/

My approach would be to disable it by default, and let users enable it as opt-in.
Maybe asking on the users list (or even devel list) will yield different opinions :)

I don't believe this is a packaging committee decision, because it has nothing to do with how you package something. FESCo or the Council would need to make distro policy here and document it. If there is something we could document for the method for changing code to conform to that policy (similar to how we document suggested patching for system crypto policies) then that would go into the packaging guidelines.

Thanks. Are legal questions, such as "Does the privacy policy https://fedoraproject.org/wiki/Legal:PrivacyPolicy apply to packages in the Fedora repositories?", something to ask the legals at https://bugzilla.redhat.com/show_bug.cgi?id=182235 , or would policy be needed even before that? Does https://pagure.io/fesco/issue/1411 contain enough direction for the packaging committee? Should a new ticket be raised there?

Sorry for the questions but I didn't want to create unnecessary duplicates.

