Posted by xurizaemon on July 1, 2010 at 10:38pm
I posted this question yesterday after seeing some contrib code (not yet submitted) which included HTML tags to track module installations.
I'd appreciate any pointers or feedback on the practice, and how we can educate contrib developers about what practices are and aren't acceptable in code hosted on Drupal.org.
I don't know of any specific security or privacy policy this practice would be forbidden by, even though to me it seems clear that the practice wouldn't be acceptable.
Thanks in advance!
Comments
Modules should not report stats back
It's clear policy now that contrib modules should not track module installations.
See this security advisory and CVS account suspension.
You yourself proposed the privacy policy for contributions, so I doubt I'm giving you any new information, but putting it in one place for the next person to come along!
benjamin, agaric
More complex than we would like
From the Kaltura situation and other similar events ISTR, I would say our policy in that regard is not to disallow reporting anything, but to make it strictly explicit to sites deploying the modules.
We may even require opt-in instead of opt-out, although the situation may not be as clear-cut: any module deployed on a site in the default configuration has update module reporting it to d.o. itself, and any module with a custom update URL has deployment stats being reported to its update server.
The situation to be addressed is likely to be more complex than we might wish:
And, of course, as someone said in the already mentioned issue, trying to define clear-cut rules will have "rocket scientists" interpreting rules to their advantage. Potter Stewart judgments, it seems.