Policy regarding opt-out telemetry and privacy

Hi all,

I’m packaging Open Policy Agent (OPA) for Fedora. However, with version 0.20.0, OPA added a telemetry service, enabled by default, reporting to a OPA-managed service the OPA version, a UUID and the build architecture (cf changelog and privacy information).

I didn’t find any Fedora policy regarding this kind of opt-out telemetry, so I asked the Fedora Packaging Commitee for advice. I got advised to ask Fedora community on mailing lists and here.

So do you think it is ok to package OPA as is, or should I patch it to make telemetry opt-in by disabling it by default in the Fedora package?

More globally, what do you think should be done in Fedora packages when an upstream project includes a telemetry service?

1 Like

IMO, opt-in should always be default. If service will not run without it, then do not package it.

2 Likes

I agree completely with mmorrell. opt-in must be our default in all cases.

1 Like

Thank you @mmorrell2016 and @tablepc. I did switch telemetry from opt-out to opt-in.
I’ll inform upstream of that change.

3 Likes