Hi,

Where is it described exactly what is collected?  Descriptions I see say it is "basically ..."  well, no, I want a full description of all data collected, particularly if it collects versions of software as knowing what version of software I'm running lets you know what I'm vulnerable to.

Is the data sent via SSL?

Is the data stored encrypted in your data center?

I certainly don't want my c library version, mariadb version, etc, sent in clear over the internet where anybody can read it, and I don't want it stored unencrypted at rest somewhere, where someone can just abscond with it.

Etc.,

On Tue, Mar 10, 2015 at 2:22 AM, Federico Razzoli <federico_raz@yahoo.it> wrote:
I am no lawyer, but please consider possible legal problems for users.
1) I sign an NDA with my customer
2) I enable Feedback
3) You see things I shouldn't reveal.
I know that my data are not sent. And you say it's anonymous.
But you will have at least the server's IP and MAC.
The real problem is not if we trust trusting YOU (I do) - the real problem is that sending that data could be illegal.

Regards
Federico



--------------------------------------------
Lun 9/3/15, Jean Weisbuch <jean@phpnet.org> ha scritto:

 Oggetto: Re: [Maria-discuss] Enabling feedback pluging for MariaDB 10.1.4
 A: maria-discuss@lists.launchpad.net
 Data: Lunedì 9 marzo 2015, 22:12


     As long as its limited to beta and alpha releases i dont
 think its
     that bad to enable it by default as users using these
 versions
     should already be aware of their not production-ready
 state.

     As it seems to be simple to enable/disable the plugin
 with the
     "feedback" variable, it shouldnt be a problem
 to deactivate it if
     the server is upgraded to a GA release.



     I cant say about the real interest of the harvested
 informations but
     it could be of interest to see if a significant number
 of users are
     trying to install these versions on exotic
 architectures/OSes or
     with a very high cpu count for example.

     Collecting the libc version (when applicable) could also
 be
     interresting i think.



     Le 09/03/2015 21:47,
 Adam Scott a
       écrit :



       Maybe make it an
 option when installing?



         On Mon, Mar 9,
 2015 at 1:05 PM, Justin
           Swanhart <greenlion@gmail.com>
           wrote:


             Hi,



               I agree with Kristian.  Given the way it
 works, the
                 statistics are really meaningless and I feel
 you
                 shouldn't drive important choices based
 on bad
                 statistics.  I personally would suggest
 displaying a
                 link to a feedback/survey form with web
 downloads and
                 display a message after rpm/deb installation
 that says
                 something like "please visit http://blah/blah/blah/survey
                 to tell us more about the features you use
 and help
                 direct the future development of
 MariaDB".  This has an
                 added bonus: not all users know about all
 features, and
                 a list/survey of the important and
 interesting ones
                 could get more users to use them.



               Just my $.02




                   --Justin





                   On
 Mon, Mar 9, 2015 at 1:19
                     AM, Kristian Nielsen <knielsen@knielsen-hq.org>
                     wrote:

                     Michael
                         Widenius <monty@askmonty.org>
                         writes:



                         > for the alpha so I suggested
 Sergei today
                         that we should enable it for

                         > the beta period of MariaDB
 10.0



                       (10.*1* beta, I guess?)



                         > As most MariaDB users should
 know, the
                         feedback is totally anonymous

                         > and no private or sensitive
 information is
                         being sent.

                         >

                         > Any comments, suggestions or
                         recommendations?



                       I think it is a bad idea.
 Please do not do
                       it.



                       "Phone-home" is a misfeature
 in any product, and
                       even more so in system

                       software like a database.



                       And besides, the information is much
 less useful
                       than you think, because of

                       unknown, but probably extreme, data
 skew. In fact,
                       it will probably be more

                       harmful than useful because people
 will use bad
                       data to justify bad

                       decisions.



                       Experience supports this point of view
 with our
                       download numbers. They do not

                       include apt-get / yum / etc.
 installations, which
                       judging from IRC

                       conversations are the majority. Yet
 people
                       continuely refer to them as though

                       they mean anything, just because they
 are there.



                            - Kristian.











 -----Segue allegato-----

 _______________________________________________
 Mailing list: https://launchpad.net/~maria-discuss
 Post to     : maria-discuss@lists.launchpad.net
 Unsubscribe : https://launchpad.net/~maria-discuss
 More help   : https://help.launchpad.net/ListHelp


_______________________________________________
Mailing list: https://launchpad.net/~maria-discuss
Post to     : maria-discuss@lists.launchpad.net
Unsubscribe : https://launchpad.net/~maria-discuss
More help   : https://help.launchpad.net/ListHelp