|
5 | 5 |
|
6 | 6 | <link href="https://foundation.rust-lang.org/feed/feed.xml" rel="self"/> |
7 | 7 | <link href="https://foundation.rust-lang.org"/> |
8 | | - <updated>2023-06-14T12:30:00Z</updated> |
| 8 | + <updated>2023-06-15T14:00:00Z</updated> |
9 | 9 | <id>https://foundation.rust-lang.org/</id> |
10 | 10 | <author> |
11 | 11 | <name>The Rust Foundation</name> |
12 | 12 | |
13 | 13 | </author> |
14 | 14 |
|
| 15 | + <entry> |
| 16 | + <title>A Note on Data Retention & Data Privacy Standards From the crates.io Team</title> |
| 17 | + <link href="https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/"/> |
| 18 | + <updated>2023-06-15T14:00:00Z</updated> |
| 19 | + <id>https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/</id> |
| 20 | + <content type="html"><p>On May 24th, <a href="https://blog.pypi.org/posts/2023-05-24-pypi-was-subpoenaed/"><u>PyPI announced that they had received multiple subpoenas</u></a> from the United States Department of Justice requesting PyPI user data. Since then, members of the Rust community have reached out to ask if any similar requests have been received by the <a href="http://crates.io/">crates.io</a> team, and have inquired about the policies of <a href="http://crates.io/">crates.io</a>, the Rust Project, and the Rust Foundation should such a request be received.</p> |
| 21 | +<h3 id="the-crates.io-team-members-and-the-rust-foundation-can-confirm-that-neither-group-has-received-requests-for-private-crates.io-user-data-as-of-this-post-(june-15%2C-2023)."><strong>The <a href="http://crates.io/">crates.io</a> team members and the Rust Foundation can confirm that neither group has received requests for private <a href="http://crates.io/">crates.io</a> user data as of this post (June 15, 2023).</strong> <a class="direct-link" href="https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/#the-crates.io-team-members-and-the-rust-foundation-can-confirm-that-neither-group-has-received-requests-for-private-crates.io-user-data-as-of-this-post-(june-15%2C-2023).">#</a></h3> |
| 22 | +<p>The <a href="http://crates.io/">crates.io</a> team intends to work with the Rust Foundation and legal counsel to add an amendment to the <a href="https://foundation.rust-lang.org/policies/privacy-policy/"><u>existing Rust privacy policy governing crates.io and other official Rust sites and applications</u></a>. This amendment will specify the process that will be followed in the event such a request is received from law enforcement or a government agency. </p> |
| 23 | +<h3 id="while-we-are-unable-to-provide-specifics-on-this-amendment-until-we-have-had-more-time-to-confer-with-legal-counsel%2C-our-guiding-principles-in-the-interim-will-be-as-follows%3A">While we are unable to provide specifics on this amendment until we have had more time to confer with legal counsel, our guiding principles in the interim will be as follows: <a class="direct-link" href="https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/#while-we-are-unable-to-provide-specifics-on-this-amendment-until-we-have-had-more-time-to-confer-with-legal-counsel%2C-our-guiding-principles-in-the-interim-will-be-as-follows%3A">#</a></h3> |
| 24 | +<ol> |
| 25 | +<li>We will only respond to legal requests made to the Rust Foundation concerning <a href="http://crates.io/">crates.io</a> that are complete, correct, and legally-binding.</li> |
| 26 | +<li>The <a href="http://crates.io/">crates.io</a> team will provide only the minimum data required by the request.</li> |
| 27 | +<li>The <a href="http://crates.io/">crates.io</a> team will communicate the nature of the request and what was provided to the maximum extent allowed by the request and law, while respecting the anonymity of those involved.</li> |
| 28 | +<li>If the request allows us to notify the subject(s) of the request and we have contact details for the subject(s), we will notify them directly of what data was provided. We will also consult with our legal counsel about the potential ways we could publicly, and anonymously, report any legally-binding requests for data we might receive in the future.</li> |
| 29 | +</ol> |
| 30 | +<p>The <a href="http://crates.io/">crates.io</a> team would also like to commend PyPI and the Python Software Foundation for the way they handled this request. We will seek to emulate their approach as closely as we can should we ever find ourselves in this position. </p> |
| 31 | +<h2 id="our-existing-data-retention-and-privacy-policy">Our Existing Data-Retention and Privacy Policy <a class="direct-link" href="https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/#our-existing-data-retention-and-privacy-policy">#</a></h2> |
| 32 | +<p>Below, you’ll find a summary of the existing privacy policy followed by the Rust Foundation, <a href="http://crates.io/">crates.io</a>, and associated Rust Project services. While this information is discoverable via the Rust Foundation privacy policy, we are sharing it here to reinforce the limited data we collect and the strict parameters around its retention:</p> |
| 33 | +<h3 id="crates.io-receives-the-following-data-from-its-users-upon-log-in%3A"><strong><a href="http://crates.io/">crates.io</a> Receives the Following Data From its Users Upon Log In: </strong> <a class="direct-link" href="https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/#crates.io-receives-the-following-data-from-its-users-upon-log-in%3A">#</a></h3> |
| 34 | +<ul> |
| 35 | +<li>As a GitHub account is required for log-in, <a href="http://crates.io/">crates.io</a> receives users’ GitHub usernames, avatars, and any email addresses publicly listed in their GitHub public profile. </li> |
| 36 | +<li>As a verified email address is required to publish a crate, we receive any public email address associated with your GitHub account and any email a user enters directly into <a href="http://crates.io/">crates.io</a>. We only use your email address to contact you about your account.</li> |
| 37 | +<li>In order to associate user accounts with the appropriate organizations and teams, we also collect users’ organization memberships and the teams within them from GitHub </li> |
| 38 | +<li>When you visit <a href="http://crates.io/">crates.io</a> or interact with <a href="http://crates.io/">crates.io</a> using Cargo, we receive your IP address, user-agent header, and request path as part of our standard server logs. Log entries for some authenticated requests, such as publishing a crate, also contain your <a href="http://crates.io/">crates.io</a> account. These logs are stored for 1 year.</li> |
| 39 | +<li>Upon visiting <a href="http://static.crates.io/">static.crates.io</a> (where the crate files that Cargo downloads are hosted), we receive your IP address, user-agent header, referer header, and request path as part of our standard server logs. These logs are stored for 1 year. Cargo downloads are not associated with your <a href="http://crates.io/">crates.io</a> username, as we do not store that information.</li> |
| 40 | +<li>All crates on <a href="http://crates.io/">crates.io</a> are public, including the list of crate owners’ usernames and the crate upload date. Anyone may view or download a crate’s contents. Because of the public nature of <a href="http://crates.io/">crates.io</a>, any personal data you might include in a Cargo.toml file uploaded to a crate is publicly available. </li> |
| 41 | +<li>Due to its public nature, be aware if you include any private information in a crate that information may be indexed by search engines or used by third parties. Sensitive information should not be included in a crate file.</li> |
| 42 | +</ul> |
| 43 | +<h3 id="rust-foundation-data-retention-policies%3A"><strong>Rust Foundation Data-Retention Policies: </strong> <a class="direct-link" href="https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/#rust-foundation-data-retention-policies%3A">#</a></h3> |
| 44 | +<ul> |
| 45 | +<li>The Rust Foundation retains personal data only for as long as is necessary, or as needed to provide users with the Foundation’s services.</li> |
| 46 | +<li>If a user wishes for their personal information to be removed from a Foundation service, they may request deletion of that information.</li> |
| 47 | +<li>The Rust Foundation will retain and use user information only to the extent necessary to comply with our legal obligations.</li> |
| 48 | +</ul> |
| 49 | +<p><a href="https://foundation.rust-lang.org/policies/privacy-policy/#data-retention"><u>Click here</u></a> to read the full language of the policies listed above. </p> |
| 50 | +<hr /> |
| 51 | +<h2 id="summary">Summary <a class="direct-link" href="https://foundation.rust-lang.org/news/a-note-on-data-retention-data-privacy-standards-from-the-crates-io-team/#summary">#</a></h2> |
| 52 | +<p>The <a href="http://crates.io/">crates.io</a> team will be meeting with the Rust Foundation and legal counsel to update and expand our shared data-retention policy. Our goal will be to add an amendment on how we would operate if a legally-binding request for data is issued and determine opportunities to minimize the level of data we retain without compromising the management of the Rust infrastructure. If you have feedback or specific concerns about the types of private user data we retain that might be available to a legally binding request, please email that feedback to <a href="mailto: [email protected]"><u> [email protected]</u></a> and/or <a href="mailto: [email protected]"> [email protected]</a>.</p> |
| 53 | +<p>We will post updates on our progress in the <a href="https://rust-lang.zulipchat.com/#narrow/stream/335408-foundation/topic/Data-Retention.20Policy.20Amendment.20Updates"><u>&quot;Data-Retention Policy Amendment Updates&quot; topic in the public foundation Zulip stream</u></a>. This work will likely take multiple months of coordination between all groups.</p> |
| 54 | +<p>The existing Rust Foundation and <a href="http://crates.io/">crates.io</a> privacy and data-retention policy can be found <a href="https://foundation.rust-lang.org/policies/privacy-policy/"><u>here</u></a>. </p> |
| 55 | +<p>Signed,</p> |
| 56 | +<p>The <a href="http://crates.io/">crates.io</a> team (in collaboration with the Rust Foundation)</p> |
| 57 | +</content> |
| 58 | + </entry> |
| 59 | + |
15 | 60 | <entry> |
16 | 61 | <title>Rust Foundation to Host Inaugural “Rust Global” Event at WasmCon 2023</title> |
17 | 62 | <link href="https://foundation.rust-lang.org/news/rust-foundation-to-host-inaugural-rust-global-event-at-wasmcon-2023/"/> |
18 | 63 | <updated>2023-06-14T12:30:00Z</updated> |
19 | 64 | <id>https://foundation.rust-lang.org/news/rust-foundation-to-host-inaugural-rust-global-event-at-wasmcon-2023/</id> |
20 | | - <content type="html"><p><a href="https://foundation.rust-lang.org/">The Rust Foundation</a> is pleased to present <a href="https://events.linuxfoundation.org/rust-global/">Rust Global</a> – a new event focused on the future of the Rust programming language. The first instance will taking place as a half-day event within <a target="_blank" href="https://events.linuxfoundation.org/wasmcon/">WasmCon</a> on September 6, 2023. </p> |
| 65 | + <content type="html"><p><a href="https://foundation.rust-lang.org/">The Rust Foundation</a> is pleased to present <a href="https://events.linuxfoundation.org/rust-global/">Rust Global</a> – a new event focused on the future of the Rust programming language. The first instance will be taking place as a half-day event within <a target="_blank" href="https://events.linuxfoundation.org/wasmcon/">WasmCon</a> on September 6, 2023 in Bellevue, Washington in the United States. </p> |
21 | 66 | <p>The first Rust Global will feature a mix of talks (sourced from the <a href="https://events.linuxfoundation.org/wasmcon/program/cfp/#suggested-topics"><u>WasmCon CFP</u></a>) and networking opportunities. Content will focus on the intersection of Rust and WebAssembly, Rust case studies for business innovation, and valuable Rust adoption stories. </p> |
22 | | -<p>The Rust Foundation believes that a strong relationship between global leaders and the Rust community is essential as we look toward the future of cybersecurity, business, sustainability, and technological innovation where Rust will lend tremendous value. We are excited to help drive collaboration and enterprise in Rust through Rust Global at WasmCon 2023. </p> |
| 67 | +<p>The Rust Foundation believes that a strong relationship between global leaders and the Rust community is essential as we look toward the future of cybersecurity, business, sustainability, and technological innovation where Rust will lend tremendous value. We are excited to help drive collaboration and enterprise in Rust through Rust Global at WasmCon 2023.</p> |
23 | 68 | <p>This event will be the first of many independent and co-located Rust Foundation events around the world to provide opportunities for Rust adopters, advocates, and enthusiasts to learn, share, and network. </p> |
24 | 69 | <h3 id=""> <a class="direct-link" href="https://foundation.rust-lang.org/news/rust-foundation-to-host-inaugural-rust-global-event-at-wasmcon-2023/#">#</a></h3> |
25 | 70 | <h2 id="join-us-at-rust-global!">Join us at Rust Global! <a class="direct-link" href="https://foundation.rust-lang.org/news/rust-foundation-to-host-inaugural-rust-global-event-at-wasmcon-2023/#join-us-at-rust-global!">#</a></h2> |
|
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4&size=40){kind=avatar}
0 commit comments