Date: Sat, 27 May 2017 23:13:26 -0700 From: "David Lie" <lie@eecg.toronto.edu> To: "'Dylan Williams'" <freebsd@host852.com> Cc: "'Mingyue Yang'" <myshirley.yang@mail.utoronto.ca>, <freebsd-questions@FreeBSD.org> Subject: RE: Help For Getting Bug Reports in Issue Tracker Message-ID: <099d01d2d779$85738200$905a8600$@eecg.toronto.edu> In-Reply-To: <FAC2E8E8-7597-478C-95AA-EF89A7334440@host852.com> References: <YQBPR01MB014584147CA9A085324C79E0ACFC0@YQBPR01MB0145.CANPRD01.PROD.OUTLOOK.COM> <D446034D-FA4B-4D3F-A5B3-8F8658FA935A@host852.com> <083a01d2d69b$c66a0ec0$533e2c40$@eecg.toronto.edu> <FAC2E8E8-7597-478C-95AA-EF89A7334440@host852.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Dylan: Thank you for taking the time to explain. We certainly don't need access to that personal information, but we are interested in the text and discussions describing the bugs. Of course, I understand that it could be a difficult task to separate the text in the bug descriptions from the personal data in a database in a way that ensured that no personal data was being shared. We will think about other ways we could conduct our study. Thanks again for your help. David From: Dylan Williams [mailto:freebsd@host852.com] Sent: Saturday, May 27, 2017 7:17 PM To: David Lie <lie@eecg.toronto.edu> Cc: Mingyue Yang <myshirley.yang@mail.utoronto.ca>; freebsd-questions@FreeBSD.org Subject: Re: Help For Getting Bug Reports in Issue Tracker Hi David, My concern is to do with any personal data that may be held in the database - names, email addresses, telephone numbers, addresses DOB, etc. Unfortunately this is a complex and evolving area of law around the world and your request is likely more challenging because it involves cross-border data transfer issues. However, there are couple of universal concepts/concerns to consider: DATA CONTROLLER - As a data controller, the FreeBSD project must be careful about simply passing on a database containing the personal data of a large number of individuals to a third party without the consent of those users. DATA PROCESSING - Your team would be a data processor and you risk exposing yourselves to breaches in data privacy laws if you process the personal data of the FreeBSD community without consent from users. The general rule is that individuals must give unambiguous consent after being fully informed. In this case FreeBSD developers may have consented to having their personal data available to the FreeBSD community but they did not consent to having it processed as part of a university study. Hope that helps. Dylan. On 27 May 2017, at 11:46 AM, David Lie <lie@eecg.toronto.edu <mailto:lie@eecg.toronto.edu> > wrote: Hi Dylan: Privacy and personal data issues were not something we anticipated. I understand the need for caution around these. Can you elaborate on what the issues are? I had thought that since the bug data bases are publicly searchable anyways, there was no more information being revealed by sharing. Is there information in the dumps that isn't available in the web interface? Or is it more the concern of having all of the information shared at once? We are public university in Canada and as such adhere to norms governing research involving human subjects and personal information. If we sought Ethics Review Board review for this research, would this allay concerns? Thanks, David Lie -- Professor Canada Research Chair in Secure and Reliable Computer Systems Department of Electrical and Computer Engineering University of Toronto From: Dylan Williams [mailto:freebsd@host852.com] Sent: Friday, May 26, 2017 5:59 PM To: Mingyue Yang <myshirley.yang@mail.utoronto.ca <mailto:myshirley.yang@mail.utoronto.ca> > Cc: freebsd-questions@FreeBSD.org <mailto:freebsd-questions@FreeBSD.org> ; David Lie <lie@eecg.toronto.edu <mailto:lie@eecg.toronto.edu> > Subject: Re: Help For Getting Bug Reports in Issue Tracker I see potential data privacy/personal data issues associated with this request. Suggest to proceed with caution. On 27 May 2017, at 6:57 AM, Mingyue Yang <myshirley.yang@mail.utoronto.ca <mailto:myshirley.yang@mail.utoronto.ca> <mailto:myshirley.yang@mail.utoronto.ca> > wrote: Hello FreeBSD Team, I am a student from University of Toronto doing research. My research topic is to automatically detect security vulnerabilities using machine learning techniques. As part of my research, I need to obtain bug samples and fixes related to security vulnerabilities. I am currently looking into bug reports in the issue tracker of your project: https://bugs.freebsd.org/bugzilla/. However, crawling the bug tracking repository may not be the best thing to do, as it may be harmful to the website. Thus I am wondering if it is possible to obtain the entire bug tracking database including summary, comments and other status fields for all bug reports? Help is really appreciated! Thank you, Shirley Yang _______________________________________________ freebsd-questions@freebsd.org <mailto:freebsd-questions@freebsd.org> <mailto:freebsd-questions@freebsd.org> mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org <mailto:freebsd-questions-unsubscribe@freebsd.org%0b%3cmailto:freebsd-questi ons-unsubscribe@freebsd.org%3e%20> <mailto:freebsd-questions-unsubscribe@freebsd.org> " _______________________________________________ freebsd-questions@freebsd.org <mailto:freebsd-questions@freebsd.org> mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org <mailto:freebsd-questions-unsubscribe@freebsd.org> "
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?099d01d2d779$85738200$905a8600$>