I think you need to respect the privacy

So do I. How do distribution/platform name and version numbers violate one's privacy? The information can only be used for statistics.

why should they be forced to tell you that they're using your code?

Please read my original post again.

I will force nobody and will be very open about what happens. There will be an easy, obvious way to opt out and it will be printed on screen and mentioned in the README.

dmesg | mail -s "Sony VAIO 505R laptop, apm works OK" dmesg@openbsd.org

Because I would like to include automated, unattended installations and would like to make sending the information the default. Because the information sent is static and not privacy-sensitive, I think opt-in is not needed.

Why not provide a simply perl script in your package, and finish off your installation with a message saying something to the effect of "I would like to hear about people using package XXX, please run the following script to send me a quick email containing your info"?

I have done so in the past. I know for a fact that it doesn't work as well.

Also, I do not want to hear about PEOPLE using the package, I just want a rough indication of the number of installations. NO PERSONAL INFORMATION WILL BE SENT.

So do I. How do distribution/platform name and version numbers violate one's privacy?

The distributions and platforms I'm running in my home is known to me. It is private knowledge. It is not public.

The information can only be used for statistics.

You may only be using it for statistics. It can certainly be used for other purposes.

<paranoid>

1. I kindly take over maintenance of SOAP::Lite
2. I add a tracker like the one you propose and log all the information I receive. Note that this information will also include the IP address of the server the module was installed on.
3. I "accidentally" include an exploit that allows me to call arbitrary Perl code in the next SOAP::Lite release.
4. I wait for the IP addresses of vulnerable machines to roll in

</paranoid>

I will force nobody and will be very open about what happens. There will be an easy, obvious way to opt out and it will be printed on screen and mentioned in the README.

But an automated install with no manual intervention will opt-in. This is the behaviour I think most people are (correctly in my opinion) objecting to.

Because the information sent is static and not privacy-sensitive

I don't think other people are entitled to determine how sensitive my private data is. I guess I'm just funny that way.

<paranoid>
1. ...
2. ...
3. I "accidentally" include an exploit that allows me to call arbitrary Perl code in the next SOAP::Lite release.
4. ...
</paranoid>

<realistic>
1. I "accidentally" include code that downloads and evals some string.
2. Eh, done.
</realistic>
I am no more dangerous to you with this information than without. Besides that, if you're PARANOID, you never install a module without reading its documentation, without looking at installation output. If you're REALLY PARANOID, you never install a module without reading exactly what it does.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }

I still disagree. I think that demanding opt-out of your users is inherently disrespectful of their privacy, no matter how innocuous you think the information you're collecting is. It's my damn information, and it's my choice to share it with whomever I feel like, or not. Creating automated response code that's enabled by default is no better than spyware.

It's my damn information, and it's my choice to share it with whomever I feel like

But it is his "damn" code that you are planning to use. I think the author deserves some gratitude for allowing you to use this software. Consider it the same as sending a thank you email to an author for saving you the time and trouble of having to write this code yourself.

That being said, I am kind of on the fence with this one. I would personally like the stats myself, but the opt_out strategy doesn't quite sit right with me either. Even though I agree that the information collected is innocuous.

- Cees

privacy

Specify why you think the four strings I want to send violate privacy in any way or do not use that word again. Repeating the same thing over and over does not explain to the other party why you think it is relevant or important.

it's my choice

If you properly read the information on your screen and in the README file, it will still be your choice.

Creating automated response code that's enabled by default is no better than spyware.

I'm sorry you feel this way. You offended a lot of people by saying that, including me.

Juerd # { site => 'juerd.nl', plp_site => 'plp.juerd.nl', do_not_use => 'spamtrap' }