Hello, On 09/03/2014 11:43 PM, [email protected] wrote:
The fact that Savannah data is not easily parsable is a form of protection, admittedly weak, but still.
I strongly disagree with the above statement. It is not a protection, neither by design nor by coincidence.
This is also a legal matter, as soon as you deal with personnal data aggregation.
If you see a concrete legal problem with packaging information which is already publicly accessible to non-logged-in users, please list it. Otherwise I see no legal issues.
Let's not confuse data and aggregated data: checking what date you coded a feature is one thing, profiling your work-hours habits by aggregating your activity is another.
Not only it is not another issue, it is one and the same. The above sentiment is the same misconception of people sharing things online and then act surprised when someone else can access it and make use of it. If a person submits public information to a public website (a commit to a source code repository or an email to a mailing list or a non-private bug report on GNU Savannah or anything similar) - it is public. The person has not further control over it, and should not have any reasonable expectation of what can and can not be done with it.
In addition, in the current context of NSA aggregating data, I think it'd be a bad PR move to start shipping out most of our DB for the sake of it.
Certain agencies illegally collecting private or public information is one thing. Me wanting to package information which is already public is another. Hinting that the two are somehow similar is, in my humble opinion, spreading FUD. Also note that the goal is not to publish the public information "for the sake of it", but to make hacking on GNU Savannah easier, and to encourage people to find interesting statistics on public Free Software projects.
Discussion with Savannah users: yes there are a lot of users, but we can still initiate a discussion, e.g. on planet.gnu.org or on savannah-users. Covering enough users to get a representative feedback.
I have initiated a discussion. With the people most relevant: Savannah Hackers. And in this preliminary discussion I have asked for a specific feedback: Which fields/tables/projects/entries in the database do you consider private, or even remotely sensitive? and which are public? It's a technical question, and even as simple as it is - it hasn't been answered. So to make this discussion even more public with more people who are not familiar with GNU Savannah, and before I actually have a good feedback on what is private in the database - I feel that would be counter productive at best. -Assaf
