unofficial mirror of guix-devel@gnu.org 
 help / color / mirror / code / Atom feed
* Free software telemetry and the Guix System
@ 2021-05-13 20:03 Bone Baboon
  2021-05-14 18:12 ` Mark H Weaver
  0 siblings, 1 reply; 6+ messages in thread
From: Bone Baboon @ 2021-05-13 20:03 UTC (permalink / raw)
  To: guix-devel

What types of telemetry in free software programs are compatible with
the Guix System?

This is a general question but Audacity is a current example of a free
software program that is in the process of introducing telemetry to some
degree.  It does not look like Audacity has implemented telemetry yet.
Here are two links that provide further information.

https://github.com/audacity/audacity/pull/835

https://github.com/audacity/audacity/discussions/889


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Free software telemetry and the Guix System
  2021-05-13 20:03 Free software telemetry and the Guix System Bone Baboon
@ 2021-05-14 18:12 ` Mark H Weaver
  2021-05-14 18:55   ` Cook, Malcolm
  0 siblings, 1 reply; 6+ messages in thread
From: Mark H Weaver @ 2021-05-14 18:12 UTC (permalink / raw)
  To: Bone Baboon, guix-devel

Hi,

Bone Baboon <bone.baboon@disroot.org> writes:
> What types of telemetry in free software programs are compatible with
> the Guix System?

The relevant text in the GNU FSDG is here:
<https://www.gnu.org/distros/free-system-distribution-guidelines.html#no-malware>

  "No Malware

   The distro must contain no DRM, no back doors, and no spyware."

Of course, this depends on our understanding of what it means to be
e"spyware".  There might be edge cases where this is not clear, but I
hope we can all agree that _any_ kind of telemetry *must* be disabled by
default.

> This is a general question but Audacity is a current example of a free
> software program that is in the process of introducing telemetry to some
> degree.  It does not look like Audacity has implemented telemetry yet.
> Here are two links that provide further information.
>
> https://github.com/audacity/audacity/pull/835

The opening message of that pull request states:

  "1. Telemetry is strictly optional and disabled by default.  No data
      is shared unless you choose to opt-in and enable telemetry.
   
   2. Telemetry only works in the builds made by GitHub CI from the
      official repo (the telemetry URLs are only defined there).
   
   3. If you are compiling Audacity from source, we will provide a CMake
      option to enable the telemetry code. This option will be turned
      off by default."

and:

   "Just to reiterate, telemetry is completely optional and disabled by
    default. We will try to make it as clear as possible exactly what
    data is collected if the user chooses to opt-in and enable
    telemetry. We will consider adding the fine-grained controls that
    some of you have asked for."

If these claims are true, then I think this is quite satisfactory for
our purposes.  I wouldn't even object to enabling the telemetry code via
the CMake build-time option, as long as it's "opt-in", i.e. that each
user must explicitly enable it, and only after being made aware of the
consequences of doing so.

What do you think?

Thanks for raising this issue.

      Regards,
        Mark

-- 
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>.


^ permalink raw reply	[flat|nested] 6+ messages in thread

* RE: Free software telemetry and the Guix System
  2021-05-14 18:12 ` Mark H Weaver
@ 2021-05-14 18:55   ` Cook, Malcolm
  2021-05-14 20:52     ` Leo Famulari
  0 siblings, 1 reply; 6+ messages in thread
From: Cook, Malcolm @ 2021-05-14 18:55 UTC (permalink / raw)
  To: Mark H Weaver, Bone Baboon, guix-devel@gnu.org


 
> Bone Baboon <mailto:bone.baboon@disroot.org> writes:
> > What types of telemetry in free software programs are compatible with
> > the Guix System?
> 
> The relevant text in the GNU FSDG is here:
> <https://www.gnu.org/distros/free-system-distribution-guidelines.html#no-malware>
> 
> "No Malware
> 
> The distro must contain no DRM, no back doors, and no spyware."
> 
> Of course, this depends on our understanding of what it means to be
> e"spyware". There might be edge cases where this is not clear, but I
> hope we can all agree that _any_ kind of telemetry *must* be disabled by
> default.
> 
> > This is a general question but Audacity is a current example of a free
> > software program that is in the process of introducing telemetry to some
> > degree. It does not look like Audacity has implemented telemetry yet.
> > Here are two links that provide further information.
> >
> > https://github.com/audacity/audacity/pull/835
> 
> The opening message of that pull request states:
> 
> "1. Telemetry is strictly optional and disabled by default. No data
> is shared unless you choose to opt-in and enable telemetry.
> 
> 2. Telemetry only works in the builds made by GitHub CI from the
> official repo (the telemetry URLs are only defined there).
> 
> 3. If you are compiling Audacity from source, we will provide a CMake
> option to enable the telemetry code. This option will be turned
> off by default."
> 
> and:
> 
> "Just to reiterate, telemetry is completely optional and disabled by
> default. We will try to make it as clear as possible exactly what
> data is collected if the user chooses to opt-in and enable
> telemetry. We will consider adding the fine-grained controls that
> some of you have asked for."
> 
> If these claims are true, then I think this is quite satisfactory for
> our purposes. I wouldn't even object to enabling the telemetry code via
> the CMake build-time option, as long as it's "opt-in", i.e. that each
> user must explicitly enable it, and only after being made aware of the
> consequences of doing so.
> 
> What do you think?

My 2 cents:  I think the Audacity model is exemplary and your interpretation is spot on.  I personally want the option of enabling such telemetry, as it may well serve my needs and may also give the developer valuable usage and/or crash info which is the least I can provide in return for such a great FOSS app as Audacity.

> 
> Thanks for raising this issue.
> 
> Regards,
> Mark
> 

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Free software telemetry and the Guix System
  2021-05-14 18:55   ` Cook, Malcolm
@ 2021-05-14 20:52     ` Leo Famulari
  2021-05-15 10:01       ` Bengt Richter
  0 siblings, 1 reply; 6+ messages in thread
From: Leo Famulari @ 2021-05-14 20:52 UTC (permalink / raw)
  To: Cook, Malcolm; +Cc: guix-devel@gnu.org

On Fri, May 14, 2021 at 06:55:34PM +0000, Cook, Malcolm wrote:
> > If these claims are true, then I think this is quite satisfactory for
> > our purposes. I wouldn't even object to enabling the telemetry code via
> > the CMake build-time option, as long as it's "opt-in", i.e. that each
> > user must explicitly enable it, and only after being made aware of the
> > consequences of doing so.
> > 
> > What do you think?
> 
> My 2 cents:  I think the Audacity model is exemplary and your interpretation is spot on.  I personally want the option of enabling such telemetry, as it may well serve my needs and may also give the developer valuable usage and/or crash info which is the least I can provide in return for such a great FOSS app as Audacity.

+1


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Free software telemetry and the Guix System
@ 2021-05-15  7:48 mjbecze
  0 siblings, 0 replies; 6+ messages in thread
From: mjbecze @ 2021-05-15  7:48 UTC (permalink / raw)
  To: Mark H Weaver; +Cc: guix-devel

Also just to note, guix already has software in it with telemetry. Ipfs. Its disable by default though.On May 14, 2021 8:12 PM, Mark H Weaver <mhw@netris.org> wrote:
>
> Hi, 
>
> Bone Baboon <bone.baboon@disroot.org> writes: 
> > What types of telemetry in free software programs are compatible with 
> > the Guix System? 
>
> The relevant text in the GNU FSDG is here: 
> <https://www.gnu.org/distros/free-system-distribution-guidelines.html#no-malware> 
>
>   "No Malware 
>
>    The distro must contain no DRM, no back doors, and no spyware." 
>
> Of course, this depends on our understanding of what it means to be 
> e"spyware".  There might be edge cases where this is not clear, but I 
> hope we can all agree that _any_ kind of telemetry *must* be disabled by 
> default. 
>
> > This is a general question but Audacity is a current example of a free 
> > software program that is in the process of introducing telemetry to some 
> > degree.  It does not look like Audacity has implemented telemetry yet. 
> > Here are two links that provide further information. 
> > 
> > https://github.com/audacity/audacity/pull/835 
>
> The opening message of that pull request states: 
>
>   "1. Telemetry is strictly optional and disabled by default.  No data 
>       is shared unless you choose to opt-in and enable telemetry. 
>    
>    2. Telemetry only works in the builds made by GitHub CI from the 
>       official repo (the telemetry URLs are only defined there). 
>    
>    3. If you are compiling Audacity from source, we will provide a CMake 
>       option to enable the telemetry code. This option will be turned 
>       off by default." 
>
> and: 
>
>    "Just to reiterate, telemetry is completely optional and disabled by 
>     default. We will try to make it as clear as possible exactly what 
>     data is collected if the user chooses to opt-in and enable 
>     telemetry. We will consider adding the fine-grained controls that 
>     some of you have asked for." 
>
> If these claims are true, then I think this is quite satisfactory for 
> our purposes.  I wouldn't even object to enabling the telemetry code via 
> the CMake build-time option, as long as it's "opt-in", i.e. that each 
> user must explicitly enable it, and only after being made aware of the 
> consequences of doing so. 
>
> What do you think? 
>
> Thanks for raising this issue. 
>
>       Regards, 
>         Mark 
>
> -- 
> Disinformation flourishes because many people care deeply about injustice 
> but very few check the facts.  Ask me about <https://stallmansupport.org>. 
>

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: Free software telemetry and the Guix System
  2021-05-14 20:52     ` Leo Famulari
@ 2021-05-15 10:01       ` Bengt Richter
  0 siblings, 0 replies; 6+ messages in thread
From: Bengt Richter @ 2021-05-15 10:01 UTC (permalink / raw)
  To: Leo Famulari; +Cc: guix-devel@gnu.org

Hi all,

On +2021-05-14 16:52:25 -0400, Leo Famulari wrote:
> On Fri, May 14, 2021 at 06:55:34PM +0000, Cook, Malcolm wrote:
> > > If these claims are true, then I think this is quite satisfactory for
> > > our purposes. I wouldn't even object to enabling the telemetry code via
> > > the CMake build-time option, as long as it's "opt-in", i.e. that each
> > > user must explicitly enable it, and only after being made aware of the
> > > consequences of doing so.
> > > 
> > > What do you think?
> > 
> > My 2 cents:  I think the Audacity model is exemplary and your interpretation is spot on.  I personally want the option of enabling such telemetry, as it may well serve my needs and may also give the developer valuable usage and/or crash info which is the least I can provide in return for such a great FOSS app as Audacity.
> 
> +1
> 

My 2 cents:  :)

I like options, but I would feel more secure if it were implemented in a separate,
dynamically linked when opted-in,
    some-implementation.so
which I could get the kernel to prevent access to, e.g. by
    # chmod 400 some-implementation.so

-- 
Regards,
Bengt Richter


^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2021-05-15 10:01 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-05-13 20:03 Free software telemetry and the Guix System Bone Baboon
2021-05-14 18:12 ` Mark H Weaver
2021-05-14 18:55   ` Cook, Malcolm
2021-05-14 20:52     ` Leo Famulari
2021-05-15 10:01       ` Bengt Richter
  -- strict thread matches above, loose matches on Subject: below --
2021-05-15  7:48 mjbecze

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).