Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [cross-project-issues-dev] New UUID in Eclipse Platform 
Ed Willink <ed@xxxxxxxxxxxxx> writes:

> You are now destroying your goal since you have lost your
> credibility. In principle I see no harm to me in the gathered data,
> but I no longer trust the EF to do the right thing. I'll be uuid=0
> henceforth.

Same here. From multiple cases including this one, I see that
security/privacy aspects WRT users are just an afterthought. Would be
glad to see the opposite.

The platform should set reasonable defaults and allow to change
them. The fact is EF's p2 repositories are served over HTTP and I see no
intention to support HTTPS. Now EF decides for the user it is safe to
broadcast Eclipse^Wuser's UUID in clear text. I can not say this is
reasonable default.

And I still don't understand why not to opt-in. Are users such evil
creatures and don't understand the value their feedback has to the
project? AERI asks for such permission, what makes Eclipse UUID + p2 +
MPC such special case?

> NB. The uuid=0 is not an opt-out since the opt-out cannot easily be
> made till after an opt-in has been in place for minutes if not
> days. (I cannot edit a file to be uuid=0 until Eclipse startup has
> created the file and no doubt done an initial communication with some
> server.)

To be fair, opt-out technically works - just

    echo "eclipse.uuid=0" > ~/.eclipse/eclipse.uuid

_before_ running Oomph/Eclipse Installer or any post-Neon M7 based
application.

The problem is the visibility of this feature - the last item in the New
& Noteworthy? Why not the first one?

-- 
Mykola
https://manandbytes.github.io/

Back to the top