From Mageia wiki
Jump to: navigation, search
m (Projects: adding link to dashboard)
(20 intermediate revisions by 5 users not shown)
Line 1: Line 1:
{{draft}}
+
{{Note|This privacy policy has not been written by lawyers and is subject to enhancement. Please open a bug report on bugs.mageia.org if you notice issues or think that some parts should be improved.}}
  
 
There are 3 different domains:
 
There are 3 different domains:
 
# the '''Mageia operating system''', that you may install and use on your own computing devices;
 
# the '''Mageia operating system''', that you may install and use on your own computing devices;
# the '''Mageia project Web sites''' and online applications, as a visitor,
+
# the '''mageia.org web sites''' as an unauthenticated visitor;
# the '''Mageia Web sites and tools''', as a registered user and a contributor.
+
# the '''mageia.org web sites and tools''', as a registered user and a contributor.
  
== Who to contact ==
+
 
In case of question regarding this policy, please contact the Council, Board or contact AT mageia DOT org.
+
= Who to contact =
 +
In case of question regarding this policy, please contact the Council or Board via contact AT mageia DOT org.
  
 
In case of emergency regarding something related to this policy or user or systems behavior, please mail contact AT mageia DOT org.
 
In case of emergency regarding something related to this policy or user or systems behavior, please mail contact AT mageia DOT org.
  
== General rules ==
+
= General rules =
 
These policy are still/always in the making, so we can improve over time.
 
These policy are still/always in the making, so we can improve over time.
  
 
During this process, we start to disclose what we do, what we would like to do, what principles we would like to follow, and study what other projects do.
 
During this process, we start to disclose what we do, what we would like to do, what principles we would like to follow, and study what other projects do.
  
----
+
= Mageia distribution =
== Mageia distribution privacy policy ==
 
TBD
 
  
----
+
No private data is collected by Mageia.Org via your using of the Mageia operating system. For specific applications by third parties, you need to refer to their own privacy policies.
== Mageia.org Web sites & apps privacy policy ==
 
  
=== Web sites and services access logs ===
+
= mageia.org web sites (unauthenticated) =
  
Most (if not all) '''web services keep access logs''', that include: IP address, browser user-agent (and potentially any request header your user agent send to our servers). These logs are kept at least for one full year (see French law requirements below). They are used by sysadmins and board for service stats and audit, within mageia.org. Some of those logs may be aggregated and filtered to be publicly archived for further historical analytics (see bugs ...).
+
== Web sites and services access logs ==
  
=== Web sites analytics ===
+
Most (if not all) '''web services keep access logs''', that include: IP address, browser user-agent (and potentially any request header your user agent send to our servers). These logs are kept at least for one full year (see French law requirements below). They might be used by sysadmins to debug issues with services (e.g. if a given user can't connect to a service due to unwanted blacklisting).
We currently use, for several of our Web sites the following tracking services:
 
* Google Analytics - for: www.mageia.org, wiki.mageia.org, bugs.mageia.org (pending: forum.mageia.org, blog.mageia.org)
 
* wordpress.com and akismet (spam filter) for blog.mageia.org
 
  
These services collect anonymous traffic data and provide analytics on it. We use those to overview global behavior on our sites and apps, spot and get data to help discuss and improve those.
+
You can check https://bugs.mageia.org/buglist.cgi?keywords=logs for related bugs/requests/etc.
  
Access to these services is available through the board.
+
== Web sites analytics ==
  
TODO tracking code and cookies, lifetime, scope.
+
No collection of user data is made for web sites analytics currently. If you notice any mageia.org service that seems to collect data and is not described in this privacy policy, please notify the Board at contact AT mageia DOT org or open a bug report on bugs.mageia.org so that we can investigate it, as it would likely be a mistake.
  
There's a possibility we migrate to Piwik, but that is still a task to be done (benefits: keep data on our side, publicize reports more easily)
+
= mageia.org web sites and applications (authenticated) =
  
* http://www.google.com/intl/en/analytics/privacyoverview.html
+
We use a LDAP directory to store all registered users/contributors (username, public name, email, hashed password, SSH public key if provided) for: association members management, community members management, non-commercial email notification, authentication across Mageia apps and services. This data is registered, updated and accessed through https://identity.mageia.org/.
* http://www.google.com/intl/fr/analytics/privacyoverview.html
 
  
=== User account and data ===
+
Part of this data is transferred to/by other services, on the person's request, mostly for authentication: wiki.mageia.org, forums.mageia.org, blog.mageia.org, bugs.mageia.org, svn.mageia.org, git.mageia.org, ml.mageia.org.
  
We use a LDAP directory to store all registered users/contributors (username, public name, email, hashed password, other data) for: association members management, community members management, non-commercial email notification, authentication accross Mageia apps and services. This data is registered, updated and accessed through https://identity.mageia.org/.
+
Your location is inferred from your IP address and used by our download scripts (using MaxMind geoip lite database) to redirect you to a "best matching" mirror.
  
Part of this data is transferred to/by other services, on the person's request, mostly for authentication: wiki.mageia.org, forum.mageia.org, blog.mageia.org, bugs.mageia.org, svn.mageia.org, git.mageia.org, ml.mageia.org, mageia.org/mailman.
+
== User contributed content ==
  
=== User contributed content ===
+
Mageia is a collaborative, public project, and all contributions (be it code, documentation, media, designs or discussions - in forums, wikis, bug trackers, code repositories, mailing-lists, IRC channels, etc.) are recorded, stored and made publicly available for further review. Unless specified otherwise, code contributions are under the GPL license and media contributions are under the Creative Commons Attribution - Share Alike 3.0 license.
  
Mageia is a collaborative, public project, and all contributions (be it code, documentation, media, designs or discussions - in forums, wikis, bug trackers, code repositories, mailing-lists, IRC channels, etc.) are recorded, stored and made publicly available for further review. TODO license?
+
== Projects ==
  
 
+
* a [http://dashboard.mageia.org '''dashboard'''] (WIP) may gather and cross some of this data to build: group/team pages, user pages, and on each, link to related docs through mageia.org resources (all packages/bugs relative to someone, or a team/group for instance) (see https://bugs.mageia.org/show_bug.cgi?id=1045)
=== Projects ===
+
* a '''contributor's map''' may publish users location (opt-in only) in the future (see https://bugs.mageia.org/show_bug.cgi?id=998)
* a '''dashboard''' may gather and cross some of this data to build: group/team pages, user pages, and on each, link to related docs through mageia.org resources (all packages/bugs relative to someone, or a team/group for instance) (see https://bugs.mageia.org/show_bug.cgi?id=1045)
 
* a '''contributors' map''' may publish users location (opt-in only) (see https://bugs.mageia.org/show_bug.cgi?id=998)
 
 
* a service to aggregate logs (web, mirrors, bugzilla, buildsystem, code repositories) and provide the possibility to visualize/extract useful patterns/info from it
 
* a service to aggregate logs (web, mirrors, bugzilla, buildsystem, code repositories) and provide the possibility to visualize/extract useful patterns/info from it
  
 +
<!--
 
All aggregated, anonymous, non-personally-identifying data are meant to be released within a metrics publishing/understanding system.
 
All aggregated, anonymous, non-personally-identifying data are meant to be released within a metrics publishing/understanding system.
  
 
This is subject to change/improve, one way or the other.
 
This is subject to change/improve, one way or the other.
 +
-->
 +
 +
= French law requirements =
  
=== French law requirements ===
 
 
Mageia servers are hosted in Marseille, France and under French legislation.  
 
Mageia servers are hosted in Marseille, France and under French legislation.  
  
==== Data retention ====
+
== Data retention ==
 +
 
 
* http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000023646013
 
* http://www.legifrance.gouv.fr/affichTexte.do?cidTexte=JORFTEXT000023646013
 
* http://www.legifrance.gouv.fr/affichTexteArticle.do?cidTexte=JORFTEXT000000801164&idArticle=LEGIARTI000006421546
 
* http://www.legifrance.gouv.fr/affichTexteArticle.do?cidTexte=JORFTEXT000000801164&idArticle=LEGIARTI000006421546
Line 77: Line 73:
  
 
This applies to (OK/TODO):
 
This applies to (OK/TODO):
* www.mageia.org TODO
+
* http://www.mageia.org : OK; contents get published through [http://gitweb.mageia.org/web/www git.mageia.org] (see below); it dynamically includes feeds of information fetched from other sites;
* blog.mageia.org TODO
+
* http://blog.mageia.org: OK; contents are published through WordPress instances;
* svn.mageia.org TODO
+
* [http://svnweb.mageia.org svn.mageia.org]: OK; commits are not anonymous, commit rights are given through LDAP
* git.mageia.org TODO
+
* [http://gitweb.mageia.org git.mageia.org]: OK; commits are not anonymous, commit rights are given through LDAP
* forum.mageia.org TODO
+
* https://bugs.mageia.org: OK; contents are published through a Bugzilla instance; users need to authenticate through LDAP to post there
* bugs.mageia.org TODO
+
* https://wiki.mageia.org: OK; contents are published through a Mediawiki instance; users need to authenticate through LDAP to post there
 +
* https://forum.mageia.org TODO
 
* else?
 
* else?
  
==== Potential use of that data ====
+
== Potential use of that data ==
  
This data may be transferred to judicial authorities for investigation, if appropriately scoped and asked. Any such query, if it ever occurs, will of course be publicly notified in our Bugzilla with keyword "data-request".
+
This data may be transferred to judicial authorities for investigation, if appropriately scoped and asked. Any such query, if it ever occurs, will of course be publicly [https://bugs.mageia.org/buglist.cgi?keywords=data-request notified in our Bugzilla with keyword "data-request"].
  
  
 +
<!--
 
== General principles ==
 
== General principles ==
 
Orientations for the privacy policy for the project. Valid for web site, distribution/software, community tools.
 
Orientations for the privacy policy for the project. Valid for web site, distribution/software, community tools.
Line 146: Line 144:
 
* piwik
 
* piwik
 
* other?
 
* other?
 
+
-->
== Other privacy policies ==
 
* http://www.mozilla.org/about/policies/privacy-policy.html
 
* http://intlstore.mozilla.org/privacy.php
 
* http://www.mozilla.com/en-US/third-party.html
 
* http://www.mozilla.com/en-US/legal/privacy/firefox-en.html
 
* http://www.mozilla.com/en-US/opt-out.html
 
* https://one.ubuntu.com/privacy/
 
* http://twitter.com/privacy
 
* https://www.gov.uk/help/cookies is great!
 
* ?
 
 
 
  
  
 
[[Category:Contributors]]
 
[[Category:Contributors]]
 
[[Category:Policies]]
 
[[Category:Policies]]

Revision as of 19:26, 11 June 2016

Note:
This privacy policy has not been written by lawyers and is subject to enhancement. Please open a bug report on bugs.mageia.org if you notice issues or think that some parts should be improved.

There are 3 different domains:

  1. the Mageia operating system, that you may install and use on your own computing devices;
  2. the mageia.org web sites as an unauthenticated visitor;
  3. the mageia.org web sites and tools, as a registered user and a contributor.


Who to contact

In case of question regarding this policy, please contact the Council or Board via contact AT mageia DOT org.

In case of emergency regarding something related to this policy or user or systems behavior, please mail contact AT mageia DOT org.

General rules

These policy are still/always in the making, so we can improve over time.

During this process, we start to disclose what we do, what we would like to do, what principles we would like to follow, and study what other projects do.

Mageia distribution

No private data is collected by Mageia.Org via your using of the Mageia operating system. For specific applications by third parties, you need to refer to their own privacy policies.

mageia.org web sites (unauthenticated)

Web sites and services access logs

Most (if not all) web services keep access logs, that include: IP address, browser user-agent (and potentially any request header your user agent send to our servers). These logs are kept at least for one full year (see French law requirements below). They might be used by sysadmins to debug issues with services (e.g. if a given user can't connect to a service due to unwanted blacklisting).

You can check https://bugs.mageia.org/buglist.cgi?keywords=logs for related bugs/requests/etc.

Web sites analytics

No collection of user data is made for web sites analytics currently. If you notice any mageia.org service that seems to collect data and is not described in this privacy policy, please notify the Board at contact AT mageia DOT org or open a bug report on bugs.mageia.org so that we can investigate it, as it would likely be a mistake.

mageia.org web sites and applications (authenticated)

We use a LDAP directory to store all registered users/contributors (username, public name, email, hashed password, SSH public key if provided) for: association members management, community members management, non-commercial email notification, authentication across Mageia apps and services. This data is registered, updated and accessed through https://identity.mageia.org/.

Part of this data is transferred to/by other services, on the person's request, mostly for authentication: wiki.mageia.org, forums.mageia.org, blog.mageia.org, bugs.mageia.org, svn.mageia.org, git.mageia.org, ml.mageia.org.

Your location is inferred from your IP address and used by our download scripts (using MaxMind geoip lite database) to redirect you to a "best matching" mirror.

User contributed content

Mageia is a collaborative, public project, and all contributions (be it code, documentation, media, designs or discussions - in forums, wikis, bug trackers, code repositories, mailing-lists, IRC channels, etc.) are recorded, stored and made publicly available for further review. Unless specified otherwise, code contributions are under the GPL license and media contributions are under the Creative Commons Attribution - Share Alike 3.0 license.

Projects

  • a dashboard (WIP) may gather and cross some of this data to build: group/team pages, user pages, and on each, link to related docs through mageia.org resources (all packages/bugs relative to someone, or a team/group for instance) (see https://bugs.mageia.org/show_bug.cgi?id=1045)
  • a contributor's map may publish users location (opt-in only) in the future (see https://bugs.mageia.org/show_bug.cgi?id=998)
  • a service to aggregate logs (web, mirrors, bugzilla, buildsystem, code repositories) and provide the possibility to visualize/extract useful patterns/info from it


French law requirements

Mageia servers are hosted in Marseille, France and under French legislation.

Data retention

By this, we have to keep identifying log data for one year for all contribution activities (that is, when you create, modify or delete content).

  • if you are only a Mageia user, you're not affected by this;
  • if you are only a visitor of our Web services, that only includes your IP address and browser HTTP request headers;
  • if you have a Mageia user or contributor account, that includes your IP address, browser HTTP headers, uid, nicknames, email addresses, phone numbers, real name if you provided those, the contents/modifications you post, times of access and password hash (whatever useless this can be) - this does not include your public key.

This applies to (OK/TODO):

Potential use of that data

This data may be transferred to judicial authorities for investigation, if appropriately scoped and asked. Any such query, if it ever occurs, will of course be publicly notified in our Bugzilla with keyword "data-request".