Difference between revisions of "Policies/Uploading and Downloading from Eclipse Software Policy"

From Eclipsepedia

Jump to: navigation, search
(Private Information)
Line 21: Line 21:
 
Any information provided from an end-user installation to an Eclipse Foundation server is subject to the terms of the [http://www.eclipse.org/legal/privacy.php Eclipse Privacy Policy].
 
Any information provided from an end-user installation to an Eclipse Foundation server is subject to the terms of the [http://www.eclipse.org/legal/privacy.php Eclipse Privacy Policy].
  
Raw data, which may include non-obvious potentially private information, needs to be transferred securely.
+
Raw data, which may include non-obvious potentially private information, must be transferred securely.
  
Raw data needs to be stored securely and access to the data needs to be strictly controlled.
+
Raw data must be stored securely and access to the data needs to be strictly controlled. To access the raw data, an individual must be a committer, and sign a non-disclosure agreement (NDA) with The Eclipse Foundation.
  
 
Obvious means of identifying a specific individual or organization (e.g. IP address) must not be persisted.
 
Obvious means of identifying a specific individual or organization (e.g. IP address) must not be persisted.
  
 
Reasonable effort must be taken to avoid persisting or disseminating information that can inadvertently be used to identify an individual or organization.
 
Reasonable effort must be taken to avoid persisting or disseminating information that can inadvertently be used to identify an individual or organization.
 
To access the raw data, an individual must be a committer, and sign a non-disclosure agreement (NDA) with The Eclipse Foundation.
 
  
 
=Storage=
 
=Storage=

Revision as of 14:32, 18 October 2013

Warning2.png
This is a work-in-progress; this policy is not in effect.


This policy is concerned with Eclipse Foundation project code "calling home" or otherwise providing data out of user installations to Eclipse Foundation Servers.

This policy applies to Eclipse projects that need to:

  • check for updates;
  • provide a heartbeat;
  • gather usage statistics;
  • harvest data from a user's workstation; or
  • otherwise collect information from user installations.

Contents

Opt-in

Any call home service would have to be opt-in. A user must explicitly agree to participate. If the nature of the data being collected changes, the user must be informed of the changes and be given the opportunity to explicitly agree to continue participation.

The user needs to be able to review any data included with the call home before it is sent.

Private Information

Any information provided from an end-user installation to an Eclipse Foundation server is subject to the terms of the Eclipse Privacy Policy.

Raw data, which may include non-obvious potentially private information, must be transferred securely.

Raw data must be stored securely and access to the data needs to be strictly controlled. To access the raw data, an individual must be a committer, and sign a non-disclosure agreement (NDA) with The Eclipse Foundation.

Obvious means of identifying a specific individual or organization (e.g. IP address) must not be persisted.

Reasonable effort must be taken to avoid persisting or disseminating information that can inadvertently be used to identify an individual or organization.

Storage

The target for data collected by content distributed from eclipse.org must be an Eclipse Foundation server (e.g. the Eclipse packages must be configured to send data to an eclipse.org server). This can be configurable by adopters to send to an alternate server.

Dissemination

Aggregate data needs to be publicly accessible.

The retention policy for publicly accessible data must be documented.

Auditing and Approval

Documentation, including a full description of the nature of all information captured by a call-home service, must be publicly accessible.

The implementation of a call-home service must be reviewed and approved by the implementing project's Project Management Committee (PMC).

Any project implementing a call-home service must get approval from EMO(ED).

Common Mechanism

Reasonable effort must be undertaken to leverage existing "call home" mechanisms rather than create new ones.