The privacy policy we’ve used in Fedora for years has been causing us some conflicts recently. The only big surprise is that it’s lasted for this long! That’s because it’s Red Hat’s privacy policy — and it’s designed for a commercial entity that deals with customers, not an open and transparent project to which people publicly contribute materials.
Here’s an example: Recently, we found that the policy was going to make it impossible for us to develop useful geographic data on contributions. We can use data like that to develop the infamous “heat maps” to show where lots of Fedora work is happening. Those maps have been absolutely instrumental in our community architecture plans, and how we devote resources to Fedora worldwide.
Even though we’re always very careful about aggregating this data so it’s not tied to individuals, the old privacy policy still prevents this and many other, similar reasonable uses. We can develop metrics that are useful not just to the Board, or FESCo, but also Ambassadors, Marketing, and other groups. These are all our fellow contributors whom we already trust, and with whom we share our account system.
Moreover, some of this data is intended to be public already — data like your Fedora Account System (FAS) account name and email; or the fact that you used it to commit a specfile patch; or the fact that you uploaded that patch from a certain IP address. So the privacy policy we’ve been using is completely out of whack with the reality of a truly open project like Fedora.
Thankfully, we have a proposal from Tom ‘spot’ Callaway that will fix some of these gaps, and improve the transparency of our project. The new policy, and FAS, will continue to keep absolutely private your vital personal information, like address and phone number. And the FAS will provide “opt-out” capabilities for any project member who does not want to share their other data.
The fedora-advisory-board mailing list has a thread to discuss the policy. After a discussion period over the next several days, the intention is to submit it to the Board for a vote.
If and when any such privacy policy change happens, we’ll notify all account holders. As always, we want to make sure our contributors’ private data is completely secure, while still bieng able to promote the openness and transparency of the Fedora Project overall.