errors.ubuntu.com: mechanism on Server

Evan Dandrea evan.dandrea at canonical.com
Fri Jun 7 10:15:17 UTC 2013 

On 7 June 2013 10:00, Robie Basak <robie.basak at canonical.com> wrote:
> On Thu, Jun 06, 2013 at 04:19:46PM -0400, Scott Kitterman wrote:
>> Of course this should be defaulted to no.    Given that the reports to e.u.c
>> are treated as more sensitive than crash reports to Launchpad, it is at best
>> counter-intuitive to expect that sending reports is a reasonable default.

Actually, reports to Launchpad are not intended to be treated as any
less sensitive. We've just been slow to move access to crash report
data in Launchpad bugs over to the NDA. The same concern is there:
without an NDA, there's absolutely no recourse to someone doing
malicious things with the private data found in those reports, whether
they be on errors.ubuntu.com or bugs.launchpad.net.

~ubuntu-bugcontrol was expedient and well-intentioned, but it's a gamble.

Perhaps I'm misunderstanding what you're saying, Scott? I don't see
how having the contract between our users and the developers wishing
to look at that potentially sensitive data, laying out the terms for
doing so, makes sending the reports an unreasonable default when
compared against not having such an agreement in place.

On Thu, Jun 06, 2013 at 12:44:47PM -0700, Clint Byrum wrote:
> Turning this on without explicit user authorization would be a
> breach of confidence in Ubuntu Server.
> More info: https://wiki.ubuntu.com/ServerTeam

That was not suggested. This is not a default without consent.

For the interactive case, the user has a section of text explaining
the choice in front of them, with the default cursor position being on
"Yes, I would like to help make Ubuntu better by submitting error
reports." This does not turn on something behind the backs of users
who wouldn't want it, but it does make less work for the vast majority
who would find the notion of Ubuntu getting better as result of
sending a small amount of data a worthy proposition.

Now, Alex makes a really good point:

On 6 June 2013 20:01, Alex Muntada <alexm at alexm.org> wrote:
> Though i understand that enabling it by default the number of reports
> will be much bigger, i'd prefer a more conservative approach and set
> the default to No. Even if one can set that value via preseed, it's
> difficult to make so unless one's aware of its existence first. And
> providing that many server installations are unattended nowadays, i
> see that the Yes default could raise many concerns about the privacy
> of the reports.

We should definitely not do this. If the value is not preseeded, it
should not default to true. We have not explained to those people what
they'd be agreeing to. However, I believe it still makes sense to have
the default action within an interactive d-i session to be "yes". All
of this is achievable in the debconf protocol.

The error reporting system is nothing new. We have an excellent track
record in being protective of the data submitted to this system from
lots of desktop systems, giving data access only to those who can sign
a legally-binding agreement to not misuse it, provide us with real
world contact details, and demonstrate a valid use for their access.
Abusers can and will be prosecuted, but we know our development
community; these are good people.

There have already been well documented cases of serious issues being
discovered by https://errors.ubuntu.com that would've never been
uncovered using the old developer-centric opt-in approach of apport
reporting into Launchpad bugs. It is not a stretch to say there's a
strong connection between the variety of reports we get and our
further understanding of what the most important issues in Ubuntu are.

On the desktop, we already present exactly this kind of question
that's being proposed for d-i, with the default being to agree to
send. To date, none of the owners of the millions of systems reporting
into errors.ubuntu.com have burned my house down. So is it realistic
to think when presented with an option of "yes, I would like to make
Ubuntu better" (given I'm kind of relying on it for my computer to
function) and "no thanks", the negative response is the more likely
choice?

I think we're doing our users a disservice by being so pessimistic,
assuming they're uninterested in participating in making the best
operating system we can.

Thanks for listening.

More information about the ubuntu-server mailing list