On 03/06/2017 10:08 PM, YANG Ling via arch-general wrote:
Hi all, Shall we focus on Lukas's questions?
Yes, let's. [skipped - pointlessly quoted and then repeated questions]
My opinions:
1. The first question: Are we fine with sharing the user names? I am fine. But I think some agreements should be made before sharing the data.
There is no need to be fine or not, the user names are *already* public (with the exception of people who have never uploaded a package, left a comment, filed a package request, or indeed visibly interacted with the AUR in any way).
2. The second question: Would it make sense to even make this data publicly available? No, it is not OK. Please check this wiki [1]. Login name or nickname is Personally identifiable information (PII).
Okay... firstly, thanks for the strange Wikipedia proxy.... Stating a tautology does not advance this discussion. No one thought for a moment that usernames weren't somehow "personally identifying information". Lukas elaborated upon this question, by providing actual arguments for and against. By ignoring 90% of what he said, you are stripping the discussion of most meaningful context, and replacing it with some vague buzzwords.
3. The third question: Shall we add some ToS that users need to agree upon when registering? Yes, it is better to have ToS.
This wasn't even the question. Lukas said we should have a ToS, and he *asked* if anyone was willing to draft one. ... I really don't understand why people seem to have a paranoia issue with other people having an efficient interface to data that is already there. Researchers and Peeping Toms can already find out all this information by hitting the AUR server a lot and scraping HTML responses, offering the *same* data with less overhead can only serve to ease server congestion (on "our" end) and *time expended* reinventing the username list (on "their" end). Do we wish to penalize all researchers for the evil habit of extracting personally identifiable information, by making them slog through the process of compiling their information? Knowing full well that it won't actually stop them (for good or for ill)? Do we even owe anything to the relevant users? Since there is no ToS, an argument could be made that we all agreed to share whatever information we have in fact shared, without asking for qualifications about what the Arch Linux project intended to *do* with our usernames etc. (The usual IANAL applies.) tl;dr Let us emulate the forums, and provide a username list only accessible to logged-in AUR users. -- Eli Schwartz