I’m packaging Open Policy Agent (OPA) for Fedora. However, with version 0.20.0, OPA added a telemetry service, enabled by default, reporting to a OPA-managed service the OPA version, a UUID and the build architecture (cf changelog and privacy information).
I didn’t find any Fedora policy regarding this kind of opt-out telemetry, so I asked the Fedora Packaging Commitee for advice. I got advised to ask Fedora community on mailing lists and here.
So do you think it is ok to package OPA as is, or should I patch it to make telemetry opt-in by disabling it by default in the Fedora package?
More globally, what do you think should be done in Fedora packages when an upstream project includes a telemetry service?