Re: [Savannah-hackers-public] Running GNU Savannah (frontend) locally

[Assaf Gordon]

Hello,

On 09/03/2014 11:43 PM, address@hidden wrote:

> The fact that Savannah data is not easily parsable is a form of
> protection, admittedly weak, but still.

I strongly disagree with the above statement. It is not a protection, neither 
by design nor by coincidence.

> This is also a legal matter, as soon as you deal with personnal data
> aggregation.

If you see a concrete legal problem with packaging information which is already 
publicly accessible to non-logged-in users, please list it.
Otherwise I see no legal issues.

> Let's not confuse data and aggregated data: checking what date you
> coded a feature is one thing, profiling your work-hours habits by
> aggregating your activity is another.

Not only it is not another issue, it is one and the same.
The above sentiment is the same misconception of people sharing things online 
and then act surprised when someone else can access it and make use of it.
If a person submits public information to a public website (a commit to a 
source code repository or an email to a mailing list or a non-private bug 
report on GNU Savannah or anything similar) - it is public.
The person has not further control over it, and should not have any reasonable 
expectation of what can and can not be done with it.

> In addition, in the current context of NSA aggregating data, I think
>  it'd be a bad PR move to start shipping out most of our DB for the
> sake of it.

Certain agencies illegally collecting private or public information is one 
thing.
Me wanting to package information which is already public is another.
Hinting that the two are somehow similar is, in my humble opinion, spreading 
FUD.

Also note that the goal is not to publish the public information "for the sake of 
it",
but to make hacking on GNU Savannah easier, and to encourage people to find 
interesting statistics on public Free Software projects.

> Discussion with Savannah users: yes there are a lot of users, but we
> can still initiate a discussion, e.g. on planet.gnu.org or on
> savannah-users.  Covering enough users to get a representative
> feedback.

I have initiated a discussion. With the people most relevant: Savannah Hackers.
And in this preliminary discussion I have asked for a specific feedback:
Which fields/tables/projects/entries in the database do you consider private, 
or even remotely sensitive? and which are public?
It's a technical question, and even as simple as it is - it hasn't been 
answered.

So to make this discussion even more public with more people who are not 
familiar with GNU Savannah, and before I actually have a good feedback on what 
is private in the database - I feel that would be counter productive at best.

-Assaf