Policy regarding opt-out telemetry and privacy

olem · October 27, 2020, 10:21pm

Hi all,

I’m packaging Open Policy Agent (OPA) for Fedora. However, with version 0.20.0, OPA added a telemetry service, enabled by default, reporting to a OPA-managed service the OPA version, a UUID and the build architecture (cf changelog and privacy information).

I didn’t find any Fedora policy regarding this kind of opt-out telemetry, so I asked the Fedora Packaging Commitee for advice. I got advised to ask Fedora community on mailing lists and here.

So do you think it is ok to package OPA as is, or should I patch it to make telemetry opt-in by disabling it by default in the Fedora package?

More globally, what do you think should be done in Fedora packages when an upstream project includes a telemetry service?

mmorrell2016 · October 28, 2020, 3:55pm

IMO, opt-in should always be default. If service will not run without it, then do not package it.

tablepc · October 29, 2020, 1:12pm

I agree completely with mmorrell. opt-in must be our default in all cases.

olem · November 2, 2020, 12:28pm

Thank you @mmorrell2016 and @tablepc. I did switch telemetry from opt-out to opt-in.
I’ll inform upstream of that change.

Topic		Replies	Views
Questions about opt-in telemetry Ask Fedora f42	41	2370	October 14, 2025
Fedora 42: Does it have telemetry? Ask Fedora f42	10	2517	April 19, 2025
Why is Mozilla Firefox built with telemetry reporting explicity enabled? Project Discussion package-maintainers , problem , marketing-team , workstation-wg	13	1807	March 5, 2025
Fedora 40: Does it have telemetry built into it? Ask Fedora	11	4576	April 22, 2024
Fedora 39: Is this the last edition which has no telemetry built into it? Ask Fedora f39	12	1855	November 18, 2023

Policy regarding opt-out telemetry and privacy

Related topics