Mailinglist Archive: opensuse-factory (536 mails)

< Previous Next >
Re: [opensuse-factory] Opening private bugs

On 29/05/18 23:43, Anton Aylward wrote:
On 29/05/18 04:05 AM, Simon Lees wrote:
tomer information stays private.
I can read that as "they can benefit from our experience and bug reports
we're not 'professional' enough but we can't benefit from theirs".

Please explain why this is not the case.

There are various certifications that SUSE needs to have in order to
fulfill many of there contracts with customers, these state alongside
other things that customer info must remain private. In the past before
the shared code base the easiest most logical way to do this was to
simply make all SLE bugs private, as I said SUSE Engineering understands
this won't work into the future and are looking into alternatives.

I can see that there is customer info that must remain private.
I, too, an a 'customer' for various entities and I have to supply them with
information such as credit card numbers.

But let's face reality.
Even without the 'Net there's a vast amount of information about me available.
My birth certificate is on record and that record is publicly available in the
appropriate government building. A vendor or bank for financial organization
can access my credit history. My address, residency and residency rail are
available as public records such as voter registration. If you go and read
some detective novels they mention quite a few pre-Internet techniques of
finding 'personal information".

Corporate entities are just as easy. SUSE promotional material mentions
a few of its customers. Their HQ addresses are easy to look up, even
Shareholder reports list directors and the management team, and they can be
looked up as well. Those same shareholder reports give a lot of other
information about various offices and so forth. Then there's the filings with
SEC and in some cases publicly available information that they needed to
to governments and QUANGOs for a whole host of reasons.

But yes, like me and my credit card numbers there is a core that is private.

But I don't see how a bug in FOSS software is in that category.
I don't see that the fact that Company X uses a specific application made of
FOSS software is "private customer information".

Perhaps it would help clear up this matter if you could tell us what class of
information is so sacrosanct, what information I couldn't search & find or
derive using conventional "detective" methods that I read about in detective
detective-lawyer novels.

If you read this thread carefully you will find people giving many
examples for now I will give 1 big obvious one. SUSE has many non
disclosure agreements (NDA)'s with its customers. Regularly there is
information covered by such agreements in bugzilla. This is just one
example others may include logs from customer machines etc.

Previously the easiest way for SUSE to handle this was just creating all
SLE emails as private, as I have said SLE Engineering understands that
doing things this way causes issues and are looking at ways to change
the way they do things, but we as the openSUSE board believe this will
be a medium to long term change so in the mean time we created the
mailing list to make the lives of community members working on openSUSE


Simon Lees (Simotek)

Emergency Update Team
SUSE Linux Adelaide Australia, UTC+10:30
GPG Fingerprint: 5B87 DB9D 88DC F606 E489 CEC5 0922 C246 02F0 014B

< Previous Next >