[Systems] Data Request / Privacy Policy query Was Fwd: [IAEP] Preparing for the 2017 SLOB Election

[Chris Leonard]

On Wed, Aug 17, 2016 at 7:45 PM, Dave Crossland <dave at lab6.com> wrote:
>
> Hi Chris!
>
> On 17 August 2016 at 18:54, Chris Leonard <cjlhomeaddress at gmail.com> wrote:
>>
>>
>> Of course, I have such a list (2.3K accounts from former Pootle
>> instance that did not get transferred in the last migration).  The
>> question is what policy gives me the right to share it
>
>
> How do you see yourself as different to me in regards to accessing this
> data? What right do you have, in the first place, to access the data? How is
> my position different to yours? We are both members.

I'm sorry, I'm just not sure is you've got sysadmi nprivs, whixh is
basically the question.  I've been granted sysadmin level access on
Pootle and there fore owe sysadmin levels of care in distributing what
our Privacy policy suggests I should only share with another sysadmin
(confidential use for legitimate purposes by a non-sysadmin may well
be permissible by consensus interpretation of policy and it's
implementation.

I'm not claiming any more privilege than you, only asking advice rfom
peer sysadmin level actors for a call on the data use request embodied
by the spreadsheet I created.  I'm happy to share if I am told I am
allowed to, it's quite simple.


> I wonder that perhaps you are saying your contractual relationship with
> Conservancy gives you more access to Sugar Labs data than other members who
> ask for such access; but then, your access predates your contract.

No, not at all, see above.

>>
>> (being
>> identifying and e-mail, semi sensitive log data from the former Pootle
>> server, etc..  User log dumps command reasonable security protocols
>> and respect of existing privacy policy, which I think is this.
>
>
> Ideally I would like name, email, account creation date, and date of last
> activity; the latter 2 data will help segment the list to draft slightly
> different texts that may be more appropriate.


id
username
first_name
email
is_staff
is_active
is_superuser
last_login
date_joined
active

plus a few columns I'm using to track my "re-recruiting" progress in
reaching out ot get people logged onto ot our Pootle instance and
contributing again.



>>
>> http://sfconservancy.org/privacy-policy/
>>
>> or am I mistaken?
>
>
> I'm curious why you mention the Conservancy's Privacy Policy; is that
> applied to all member projects?
>
>>
>> Anyone with sysadmin privs can unpack the server
>> files like I did, so you guys tell me the right thing to do.
>
>
> :)
>
>>
>> Do we
>> have a common secure transmission schema, should I just create a
>> folder on the server and drop a spreadsheet in with sftp?
>
>
> Sure; I don't have ssh access to translate.sugarlabs.org but I can access
> dcrossland at sunjammer.sugarlabs.org so you could drop it in there.


I'll happily use sunjammer as a secure method, I'm just doing a
courtesy policy check as anyone who takes this "other people's
privacy" stuff seriously would be expected to do.


> --
> Cheers
> Dave