On 20/02/09 at 16:10 +0100, Olivier Berger wrote: > > I've just made dumps of the DB available (see http://udd.debian.org/), > > so you could use that if you want to work on an offline copy. > > Great. Will try to have a look at that. > > Btw, until then, the database was only accessible to somehow trusted > users of Debian machines if I'm not mistaken... now that dumps are > public, I'm afraid of the issues of personal data that we've discussed > at the FOSDEM. Maybe some terms of use should be explicitely stated for > such dumps ? > > In any case, I'll pass the word to fellow researchers at FLOSSMETRICS > for instance, that may be interested.
The problem is twofold. 1) the legal part: are we legally allowed to build such a database? I'm not sure which local law applies here (finland's?), but in france, such a database would probably need to be declared at CNIL. 2) the moral part: should we secure some of the information (mostly, the personal informations) that we provide? Regarding packages and sources, I don't think so: the information is already easily available in the respective files. Regarding bugs, I don't think it's worth obfuscating yet, because: - we only have information about bug reporters and closers. - both reporters and closers are probably well aware that their identity will be published somewhere - digging in a 250-MB SQL dump isn't much easier than wgetting each bug separately. -- | Lucas Nussbaum | lu...@lucas-nussbaum.net http://www.lucas-nussbaum.net/ | | jabber: lu...@nussbaum.fr GPG: 1024D/023B3F4F | -- To UNSUBSCRIBE, email to debian-qa-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
