Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 27 May 2017 23:13:26 -0700
From:      "David Lie" <lie@eecg.toronto.edu>
To:        "'Dylan Williams'" <freebsd@host852.com>
Cc:        "'Mingyue Yang'" <myshirley.yang@mail.utoronto.ca>, <freebsd-questions@FreeBSD.org>
Subject:   RE: Help For Getting Bug Reports in Issue Tracker
Message-ID:  <099d01d2d779$85738200$905a8600$@eecg.toronto.edu>
In-Reply-To: <FAC2E8E8-7597-478C-95AA-EF89A7334440@host852.com>
References:  <YQBPR01MB014584147CA9A085324C79E0ACFC0@YQBPR01MB0145.CANPRD01.PROD.OUTLOOK.COM> <D446034D-FA4B-4D3F-A5B3-8F8658FA935A@host852.com> <083a01d2d69b$c66a0ec0$533e2c40$@eecg.toronto.edu> <FAC2E8E8-7597-478C-95AA-EF89A7334440@host852.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
Hi Dylan:

 

Thank you for taking the time to explain.   We certainly don't need access
to that personal information, but we are interested in the text and
discussions describing the bugs.  Of course, I understand that it could be a
difficult task to separate the text in the bug descriptions from the
personal data in a database in a way that ensured that no personal data was
being shared.  We will think about other ways we could conduct our study.
Thanks again for your help.

 

David

 

From: Dylan Williams [mailto:freebsd@host852.com] 
Sent: Saturday, May 27, 2017 7:17 PM
To: David Lie <lie@eecg.toronto.edu>
Cc: Mingyue Yang <myshirley.yang@mail.utoronto.ca>;
freebsd-questions@FreeBSD.org
Subject: Re: Help For Getting Bug Reports in Issue Tracker

 

Hi David,

 

My concern is to do with any personal data that may be held in the database
- names, email addresses, telephone numbers, addresses DOB, etc.
Unfortunately this is a complex and evolving area of law around the world
and your request is likely more challenging because it involves cross-border
data transfer issues. However, there are couple of universal
concepts/concerns to consider:

 

DATA CONTROLLER - As a data controller, the FreeBSD project must be careful
about simply passing on a database containing the personal data of a large
number of individuals to a third party without the consent of those users.

 

DATA PROCESSING - Your team would be a data processor and you risk exposing
yourselves to breaches in data privacy laws if you process the personal data
of the FreeBSD community without consent from users. The general rule is
that individuals must give unambiguous consent after being fully informed.
In this case FreeBSD developers may have consented to having their personal
data available to the FreeBSD community but they did not consent to having
it processed as part of a university study.

 

Hope that helps.

 

Dylan.

 

On 27 May 2017, at 11:46 AM, David Lie <lie@eecg.toronto.edu
<mailto:lie@eecg.toronto.edu> > wrote:

 

Hi Dylan:



Privacy and personal data issues were not something we anticipated.  I
understand the need for caution around these.  Can you elaborate on what the
issues are?  I had thought that since the bug data bases are publicly
searchable anyways, there was no more information being revealed by sharing.
Is there information in the dumps that isn't available in the web interface?
Or is it more the concern of having all of the information shared at once?
We are public university in Canada and as such adhere to norms governing
research involving human subjects and personal information.  If we sought
Ethics Review Board review for this research, would this allay concerns?



Thanks,



David Lie

--

Professor

Canada Research Chair in Secure and Reliable Computer Systems

Department of Electrical and Computer Engineering

University of Toronto





From: Dylan Williams [mailto:freebsd@host852.com] 
Sent: Friday, May 26, 2017 5:59 PM
To: Mingyue Yang <myshirley.yang@mail.utoronto.ca
<mailto:myshirley.yang@mail.utoronto.ca> >
Cc: freebsd-questions@FreeBSD.org <mailto:freebsd-questions@FreeBSD.org> ;
David Lie <lie@eecg.toronto.edu <mailto:lie@eecg.toronto.edu> >
Subject: Re: Help For Getting Bug Reports in Issue Tracker



I see potential data privacy/personal data issues associated with this
request. Suggest to proceed with caution.



On 27 May 2017, at 6:57 AM, Mingyue Yang <myshirley.yang@mail.utoronto.ca
<mailto:myshirley.yang@mail.utoronto.ca> 
<mailto:myshirley.yang@mail.utoronto.ca> > wrote:



Hello FreeBSD Team,


I am a student from University of Toronto doing research. My research topic
is to automatically detect security vulnerabilities using machine learning
techniques. As part of my research, I need to obtain bug samples and fixes
related to security vulnerabilities.


I am currently looking into bug reports in the issue tracker of your
project: https://bugs.freebsd.org/bugzilla/. However, crawling the bug
tracking repository may not be the best thing to do, as it may be harmful to
the website. Thus I am wondering if it is possible to obtain the entire bug
tracking database including summary, comments and other status fields for
all bug reports?



Help is really appreciated!


Thank you,

Shirley Yang

_______________________________________________
freebsd-questions@freebsd.org <mailto:freebsd-questions@freebsd.org>
<mailto:freebsd-questions@freebsd.org>
mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org
<mailto:freebsd-questions-unsubscribe@freebsd.org%0b%3cmailto:freebsd-questi
ons-unsubscribe@freebsd.org%3e%20> 
<mailto:freebsd-questions-unsubscribe@freebsd.org> "



_______________________________________________
freebsd-questions@freebsd.org <mailto:freebsd-questions@freebsd.org>
mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org
<mailto:freebsd-questions-unsubscribe@freebsd.org> "

 




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?099d01d2d779$85738200$905a8600$>