Anne Wilson wrote:
On Thursday 12 October 2006 22:26, Rahul Sundaram wrote:
http://lwn.net/SubscriberLink/203694/dab52f06fe38ff16/
There really is a lot of bs talked, isn't there? I get Fedora for free. I've
always assumed that it was perfectly reasonable that Fedora should be able to
know that I use their update systems. So they want to actually count? So
what? 'Tracking system' implies watching where you go and what you are
doing. I don't see any reason to believe that that was the intention.
LWN had an article the other month that their subscriptions were a bit
moribund. Since then they had the rpm kerfuffle, the busybox kerfuffle
and now the rhat 'tracking' kerfuffle. I think they're doing a good job
becoming non-moribund - and good luck to them since it's informative and
entertaining to read corbet's work. However, these are all really quite
political issues with an inevitable slant in how they are summarized
(despite I see some effort usually to show both sides of the coin).
This one is "RHAT is becoming MSFT".
There is a rich vein to mine about the way that a funded organization in
control of a free project (let's not forget, Novell, Ubuntu, Mandriva)
affects the relationship of the users and in decision making. I don't
think the tracking jpeg is a good way to come at acquiring stats on the
userbase, but if RHAT wanted to put it in it hardly seems worth
objecting to, since the box will shortly have its fingerprints all over
the mirrorlist and update mirrors anyway, for which we must thank RHAT
for managing for $0.
Just to clear up the issue of European privacy laws, they refer to *retention*
of personal details. It will be for lawyers to decide whether IPs are being
retained long enough to cause a breach.
IPs are in the logs anyway, it can't be a problem.
I think the guy that proposed the mirrorlist fetch tracking was on to
the right way for sure. Even better would be a programme to process
mirror logs to get anaonymized stats, done at the mirror site. I know
they are independently managed and using a wide set of platforms, but
you wouldn't have to capture all of them to get a statistically useful
window into how many boxes are installed, and on regular or irregular
updates, with nothing on the clientside. It would be quite interesting
to look at security update uptake over time as well.
-Andy