Subject: FSBs, mechanized documentation, and (meta-)data licenses
From: "Stephen J. Turnbull" <>
Date: Sat, 11 Mar 2006 17:28:52 +0900

>>>>> "Quinn" == Quinn Weaver <> writes:

    Quinn> On Fri, Mar 10, 2006 at 03:03:12PM -0800, Rich Morin wrote:

    >> Here's a nice, shiny Subject line of your own.  Shalom...

    Quinn> OK, about the issue of data licenses...

Aargh!  I'm almost sure this is not what Rich had in mind for kicking
out of his thread!!  (He meant my last post or two. ;-) Sorry, Rich.
One slipped out, but I will change the topic if it continues.)  Thus
the topic change here.

    Quinn> Shouldn't we have an easy-to-understand, easy-to-apply
    Quinn> license for these kinds of metadata?  Does one exist
    Quinn> already?

I doubt it.  There's a serious problem here: reporter privacy and
consent.  I don't think there really can be an easy-to-understand-
and-apply consent form, in which case you have to worry about your
right to license the data at all.  Suppose that you have a consent
form that the user clicks, that says he/she waives the right to sue
you for privacy violations.  It's not clear to me that that will stand
up in court if there's evidence of less than "reasonable care" taken.
You need to be a lawyer to understand, I'm afraid.  :-(  (A lawyer's
opinion would be nice here, I'm wearing my Cowardly Non-Lawyer hat.)

Email addresses are just one part of it.  If you're writing a secure
webserver on top of Apache, wouldn't you like to know what bugs your
rivals are reporting---especially if those are parts of Apache your
server isn't exploiting yet?  "Now, what in the world would trigger
that?  Aha!"

Or suppose you have a terminal emulator in your app, and log
keystrokes?  Every few months I have to warn somebody that they've
allowed something that looks like a password to escape to our bug
list, although the preformatted report starts by warning that you
should _never_ hit send without reviewing for sensitive information.

Graduate School of Systems and Information Engineering   University of Tsukuba        Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
        Economics of Information Communication and Computation Systems
          Experimental Economics, Microeconomic Theory, Game Theory