Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] UDC concerns

This is a follow up to the UDC discussion on the Ganymede call.  I'm
positive overall about the benefits of data collection of this sort and have
lead a related effort, which was very beneficial to the Mylyn project [1].
But due to the sensitivity of privacy and different conventions in countries
like Germany, it's tricky to do right.  In addition, what today's call also
demonstrated is the importance of getting the communication of what's going
on right.  I've expressed similar concerns in prior correspondence with UDC
folks and I want to point out that they have addressed many of them already

The key concern I have left is the repercussions of developers in large
organizations agreeing to the UDC collection, then down the road having
management notice that transmission of the data was not desirable.  Here are
two concrete scenarios, both having to do with the fact that bundle IDs and
other IDs are uploaded:

1) An ISV is working on an Eclipse-based tool that's confidential and won't
be announced for some time.  With the current collection policy, naming and
details about the functionality of the UI are present in the IDs collected
and uploaded. 

2) A large company has provides a closed source tool suite.  Internally it
turns out that a significant number of developers are using a competitor's
tool suite instead, as evidenced by the competitor's IDs and other patterns
in the IDs and logs identifying the large company.

If I was a manager in either of those companies, I would not want that data
leaving my company firewall.  So I would put in a policy that we revert to
exclusively using Eclipse Classic, or have an internal distro that removes
UDC from EPP.  If I found out six months down the road that most of my
developers were uploading this data to, I would not be happy.
Then I would probably be asking my lawyers to read over the Terms of Use and
considering whether I should request the Eclipse Foundation to remove my
data in case the Terms of Use are not set in stone.

Both of the above have implications to PR and the perceptions of the Eclipse
downloads, which are largely defined by what's in EPP.  Here are some ideas
for addressing these concerns:

* Make a very clear FAQ entry so that developers can make an informed
decision about which UDC configuration to use.  I'm guessing that most
companies won't have a policy about UDC like things in the IDE, so the
developer will need enough information to make a decision that's in the best
interest of their company.  Link that FAQ entry from the initial dialog,
just as the "Terms of Use" is linked.

* Consider making a check box along the lines of "Filter non org.eclipse.*
bundles. Use this option if using confidential tools".  I think that it
would be lower risk to make the user have to opt-in to collect info from all
bundles, but perhaps if worded clearly enough it could work as opt-out.


[2] see "How does it work?"

Mik Kersten
President & CTO, 
Project Lead,

Back to the top