Re: Proposal to have NDAs for sysadmins

From: Andrea Veri <av gnome org>
To: Kurt von Finck <mneptok mneptok com>
Cc: GNOME Infrastructure <gnome-infrastructure gnome org>
Subject: Re: Proposal to have NDAs for sysadmins
Date: Mon, 10 Nov 2014 13:37:02 +0100

2014-11-05 14:58 GMT+01:00 Kurt von Finck <mneptok mneptok com>:

What problem is this meant to address? Why now? What happened to make this
an issue that requires a formal NDA?


The GNOME Foundation is currently working on a Privacy Policy [1] and
during the whole discussion we also analyzed the fact users might be
interested in seeing their data is managed by a team of people that
are subjected to a set of rules that forbids them to actually disclose
any information they gather during their daily work with third
parties.

It strikes me personally that this is a "feel good" measure designed to show
that the Foundation is doing something to keep user data private. But think
of it in terms of McDonald's making a public pledge to never poison people.
It would give you pause and make you wonder why they felt they needed to say
anything on that score. It should be a fundamental corporate policy not to
poison customers, and should go without saying.

I think this is a similar case. I think it should go without saying that
those entrusted with the GNOME infrastructure are people that value privacy.


I think the NDA we proposed does not add any extra layer to how the
current things are supposed to work. What the NDA mentions is
something you should have had in mind already when participating to
the duties of the Sysadmin Team. What is says can really be resumed in
a few points:

1. don't disclose / sell any personal information found on the GNOME
Infrastructure to third parties
2. make sure all the best precautions are used when storing sensible user data
3. disclose the information with the user requesting it prior
verifying the identity (in the case of a specific IP being blocked for
example, or the uncertainty of the user when trying to find out what
SSH key or e-mail was registered on the account)

Which of these 3 points are you unsure about or are doubtful you could infringe?

Thanks for bringing the discussion up!

[1] https://wiki.gnome.org/Foundation/Privacy

-- 
Cheers,

Andrea

Debian Developer,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors member,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av

References:
- Proposal to have NDAs for sysadmins
  - From: Ekaterina Gerasimova
- Fwd: Proposal to have NDAs for sysadmins
  - From: Kurt von Finck

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]