Drupal.org policies on module behaviour

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
xurizaemon's picture
Posted by xurizaemon on July 1, 2010 at 10:38pm

I posted this question yesterday after seeing some contrib code (not yet submitted) which included HTML tags to track module installations.

I'd appreciate any pointers or feedback on the practice, and how we can educate contrib developers about what practices are and aren't acceptable in code hosted on Drupal.org.

I don't know of any specific security or privacy policy this practice would be forbidden by, even though to me it seems clear that the practice wouldn't be acceptable.

Thanks in advance!

http://twitter.com/grobot

Comments

Modules should not report stats back

Posted by mlncn on August 8, 2010 at 3:51pm
mlncn's picture

It's clear policy now that contrib modules should not track module installations.

See this security advisory and CVS account suspension.

You yourself proposed the privacy policy for contributions, so i doubt i'm giving you any new information, but putting it in one place for the next person to come along!

benjamin, agaric

More complex that we would like

Posted by fgm on November 17, 2012 at 9:38pm
fgm's picture

From the Kaltura situation and other similar events ISTR, I would say our policy on that regard is not to disallow reporting anything, but making it strictly explicit to sites deploying the modules.

We may even require opt-in instead of opt-out, although the situation may not be as clear cut: any module deployed on a site in the default configuration has update module reporting it to d.o. itself, and any module with a custom update url has deployment stats being reported to its update server.

The situation to be addressed is likely to be more complex than we might wish:

  • reporting on module installs, as provided by core update and its previous update_status incarnation. Likely to be acceptable as opt-out, as long as it only reports on installs and/or current deployed instances, typically for security purposes (updates) or decisions by the module authors regarding sites potentially affected by code changes
  • reporting on site use, like number of forms being displayed over time, like spam control modules can do, or reporting on module use, like tracking visitors themselves, as provided by analytics modules. Some of these, like Google Analytics or Mollom, are by purpose reporting to third-party servers, and won't even be of any use without such reporting. So installing them can be seen as an "implicit" opt-in. But this raises the question of the level of information of site users where such a module is deployed. GA has provisions about this, like clear documentation and use of the global opt-out list, but other modules may not be so evolved. I'm not sure the spam control family of modules (Akismet and others) are as protective of privacy, actually. I suspect this will always be a grey area at some level: any such service deployed in the cloud will be more or less directly trackable in the cloud hosting service bandwidth usage reports, although no private information about visitors will be available. Do we have a problem with that ?
  • reporting on site visitors where this is not the documented purpose of the module, as happened (among other problems) in the Kaltura issue mentioned by mlncn. We have, I hope, a consensus that this should at a minimum be an opt-in feature, and never an opt-out or, worse, something hidden in the code as in the issue already mentioned.

And, of course, as someone said in the already mentioned issue, trying to define clear cut rules will have "rocket scientist" interpreting rules to their advantage. Potter Stewart judgments, it seems.

New Zealand

Group organizers

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

Hot content this week

See all hot content.