I do not understand where these undirected grievances against Red Hat are coming from. But be aware that despite the high percentage of Red Hat people in most teams/elements (which might also be related that many community members are interested in applying at Red Hat by the way), in most teams/elements you also have non-Red Haters contained. Thus, undermining the decision making or imposing will on the community would be hard to implement but easy to identify because in nearly all cases, non-Red Haters would be involved as well.
Of course our goals and structures are complementary to Red Hat (… and vice versa), so the decisions will also often positively correlate. But we had already decisions that were against the “corporate path” of Red Hat (e.g., BTRFS). Red Hat might be able to provide stronger incentives to the community than other corporate entities, but they cannot impose. Btw, neither the Council nor FESCo do contain only RH people - and decisions are consensus driven.
Of course perception matters, and if anyone has an explicit case/action/development that makes you suspicious and that makes you feel that Fedora looses or lost its independence, feel free to open a topic and try to emotionless elaborate the very issue and make a proposal how to solve it, or allow us to explain if something is unclear: the community should be sufficiently transparent to reproduce how decisions have been made - we can help to disentangle.
But please avoid the undirected grievances here. This is only about a proposal that can be accepted only by the consensus of elements that both are not Red Hat-only.
AFAIK, 9/10 of the FESCo members and 6/7 of the Council members are Hatters. I agree that this shouldn’t be characterized as a RH decision, because Fedora is a community project with its own governing bodies. However, it is worth recognizing that these bodies are dominated by Red Hat employees, even if their job isn’t to speak for Red Hat.
It was and is up to the community to decide whom to vote in a public process: we have two elected representatives at Council. If you follow the CVs of the Council, you will also find out that at least two of the RH-Council members started with Fedora and joined RH after that, not vice versa. Be also aware that reputation is much (if not everything) in software development, Open Source, research and so on: people with a well reputation have strong incentives to not let others undermine their decisions since they are held accountable (this can be worse than what your employer can do). RH people might have more working time to invest in Fedora, increasing their chances to get voted through their contributions (“incentives”), but the community decides whom to vote. And from ballots up to decisions, things are transparent and reproducible. Please open a new topic if you want to get deeper in this.
Yes, let’s be very clear on that: if Fedora rejects this, Red Hat Display Systems Team (the team behind Fedora Workstation) will be quite disappointed, but we’ll move on. “Forcing things through” does not and will not work in Fedora.
That said, I do hope to convince as many of you as possible that telemetry is a good idea.
I don’t think we can have a meaningful policy for Fedora until we clean this up. It may be possible to side-step this issue by making it clear that this is a Red Hat effort, and that any potential opt-out only applies to Red Hat data collection. This still requires some work across Red Hat to validate, of course. It won’t look great because of the required weasel wording many places that policy and opt-ins/opt-outs do not apply to all Fedora software, but some (unspecified?) subset.
I cannot speak for all of those folks, but I can speak for myself. I am a FESCo member elected by the community. Despite being a Red Hat employee allowed to dedicate a certain amount of my working time to FESCo things, being on FESCo is not my job and I am not in FESCo to represent Red Hat. Nobody from Red Hat management has ever asked me to vote in a particular way and if they did I’d told them to stop. Only once I received an email from a higher-up about a FESCo/modularity matter which could be considered a bit persuasive but I decided to act in the community’s best interest anyway.
For example, if I see that this change proposal is a no-go for our community (as it seems), I will vote -1 for this proposal. There is no evil Red Hat/IBM person hovering over me making me approve this. (Or at least there hasn’t been one before I sent this.)
(Off-topic: I don’t think this forum is going to solve the “long threads on devel” problem, it’s already quite hard to follow the various discussions here.)
This couldn’t have come at a worse time. How tone-deaf to not only outright refuse making the telemetry opt-in rather than opt-out, but to also suggest that those of us who would willingly turn on this telemetry feature would only provide “garbage” data! Extremely unimpressed with Red Hat lately.
Reminder: I won’t reply to posts that mention GDPR. This proposal has been developed in consultation with Fedora Legal. They are here to help ensure that what we do is not illegal.
Your elaboration in this topic conflicts with the arguments of Fedora Legal you proposed. I do not believe that any lawyer told you that you should only care about your database and that nothing else has relations to GDPR. I think to have read that legality issues have been also proposed in the mailing list?
Even if it would be different, your disrespect of users’ worries and thoughts, but also your belief that you can decide for the community that GDPR or other privacy issues are a “must” that is not worth further discussion once a lawyer said its legal, will not support your position.
I really hope that the development here but also the development in the devel mailing list will cause this to end soon, because I see this to develop to a danger and a split to the community, with this discussion and some of its points on itself to damage trust.
Just because it’s legal, it doesn’t mean it’s right.
There is a good reason why the GDPR is so clear about it if personal data is involved.
Consent should be specific, informed, unambiguous, cover all processing activities, and not inferred from silence or pre-ticked boxes, must be clear, concise and non-disruptive.
I think this is a miscommunication. It isn’t that Michael is dismissing anyone’s worries or thoughts. However, it’s never helpful for non-legal-experts to offer legal advice or make strong claims about what the law says. I’m not saying it’s happening here, but I’ve seen plenty of online conversations with frankly wild claims about what the GDPR does or does not compel. Let’s please keep the conversation to what we want to do and how we want to do it, and trust that we will make sure that whatever we do follows all of our legal obligations.
I definitely do not consider myself a GDPR expert and I hated the GDPR exams at university (not law school, only information security and IR ; ), but some of the comments in here reject everything I learned about it and what we have to implement in organizations.
The data that shall leave GDPR area (btw, why do countries apply to be certified by GDPR if personal data is allowed to leave the area anyway?) is able to create profiles. Your legal says that needs opt-in based upon the proposal, and that this also applies to data that can later be put together to become personal. You cannot exclude that from discussion, force that we trust in that a team in the back knows best and argue for a transparent proposal. The argumentation in this topic already undermines trust.
What convinces you that such topics do not belong to what people want and how to? This is a prejudice. I am myself not really a proponent of the GDPR and I see many issues in it, but it ensures some basics in privacy that are important for many users, while data processing in the US has a contrary reputation and is rejected by many. This in conjunction with the argumentation about why and what to exclude from discussion can create harmful perceptions. To assume that related questions have nothing to do with “what and how to do” and to exclude them from discussion is questionable imho.
If this change proposal is approved, the work would be implemented in GNOME (or other upstream components, as appropriate). (The code would be effectively inactive on other distros that do not have the Endless metrics system installed.) Endless has done 98% of the work, so it wouldn’t be accurate to call it an entirely Red Hat effort.
If we do indeed have other OS components that are already collecting their own data separately from this, then we’ll just have to clarify that the Fedora data collection policy (which we are still in the process of drafting) only applies to data collected by Fedora, and not by other OS components that have their own separate upstream data collection.
Let me try to be more clear, then. This proposal as written was reviewed a lawyer who specializes in data protection regulation, including the GDPR. To be completely honest, they seemed puzzled by how little we are trying to collect and the measures taken to separate it from any identifying information. From a strictly legal standpoint, we’ve been cleared for this as proposed, and probably could get approval to do something much more invasive (even though I have and see absolutely no desire to do so).
While Red Hat is US-based, Fedora operates in the EU and provides services to people in Europe. Hence, the cookie notice — annoying or not, it’s the rules! — and we do strictly follow processes compliant with the GDPR.
Ok. Now I think there is a miscommunication/misunderstanding (to be on the same page: this is not meant sarcastic or so). I thought that much of this topic elaborated what data shall be collected, and that it is not yet clear what/how to collect? (At least, it was not clear when the proposal was put forward?)
Beyond that, to go back to my previous point, you still cannot argue that once a lawyer says its legal, no further discussion about privacy shall take place and that all privacy concerns have to be satisfied by the legal argument? This is what I read from some of the points here (less from yours).
I don’t think anyone is meaning to say this. Michael said he wasn’t going to argue about the GDPR, which I took in the way I’m saying about the strictly legal factor. We’re obviously definitely still having (as we should be!) a big discussion about privacy concerns overall!
I wouldn’t normally bother with a post such as this, because really, who ultimately cares. However, since one of the themes of this topic is data points, I’ll write it anyway giving an unambiguous data point. The arrogance and the level of condescension towards users in the proposal and more so in some of the replies by different people here is far more troubling than the proposal itself. Perhaps it was always a bad assumption on my part, but I had believed the people involved with and behind Fedora had respect for the user. It’s clear at this point that assumption is either entirely inaccurate or at a bare minimum needs a series of asterisks.
This isn’t a thread about solving any issues or how to make things better, it’s about a decision that has already been made and how can it be implemented without breaking things critically. The majority of the people in this thread pushing this proposal are Red Hat employees and I think it’s beyond cheeky that only one or two have had the presence of mind to be clear about that when posting.
It was given as a reply to another poster, but I will take Michael Catanzaro’s advice and over the weekend discontinue all use of Fedora Linux.
I wouldn’t normally bother with a post such as this, because really, who ultimately cares. However, since one of the themes of this topic is data points, I’ll write it anyway giving an unambiguous data point. The arrogance and the level of condescension towards users in the proposal and more so in some of the replies by different people here is far more troubling than the proposal itself. Perhaps it was always a bad assumption on my part, but I had believed the people involved with and behind Fedora had respect for the user. It’s clear at this point that assumption is either entirely inaccurate or at a bare minimum needs a series of asterisks.
This isn’t a thread about solving any issues or how to make things better, it’s about a decision that has already been made and how can it be implemented without breaking things critically. The majority of the people in this thread pushing this proposal are Red Hat employees and I think it’s beyond cheeky that only one or two have had the presence of mind to be clear about that when posting.
It was given as a reply to another poster, but I will take Michael Catanzaro’s advice and over the weekend discontinue all use of Fedora Linux.
RedHat are at least asking first, which is a progress in itself. I know of a distro developing company that didn’t ask when they added telemetry and they had to remove it 3 years later after many users criticized them for that on different forums.
We are trying to deal with the trust issue through things like full open source implementation of both client and server and through using community elected organs like FeSCo to make ongoing decisions about what will be measured.
And being able to both target current investments into Fedora and the Linux desktop better and also hopefully be able to use the data to get more investment is a big gain in my view. You are of course free to disagree.