This document describes the data Foreman collects about you, why it is collected, what is done with it, and your options for how it’s processed.
The Foreman project does not share data with 3rd parties, except for hosting requirements (e.g. GitHub, YouTube) as detailed below, or when required to by law.
The Foreman website is a static site which does not track, collect, store information or set cookies. There is no account for the website itself. The webserver (Apache) logs will contain IP addresses, timestamps, and UserAgent strings - these are log-rotated and deleted after 4 weeks.
The website also uses Google Analytics, but we only collect anonymous data. IP addresses are anonymised, and we do not use User-ID, or any linked Google product (e.g. AdWords). Google Analytics data is deleted after 26 months (the default for Google Analytics).
The webserver logs and Google Analytics are used to produce aggregated statistics about the community, such as popularity of different browsers, operating system packages, plugins, etc.
The website does embed videos from YouTube, FOSDEM, and Slideshare - see the links below for details:
for details. These videos do not autoplay.
Commit messages can contain names and email addresses. You are free to use psuedonymous data for commit messages. We do prefer a working contact mail in case of needing to contact contributors to the codebase, but it is not mandatory.
We also use non-identifiable data from the codebase to provide aggregated statistics such as average time to merge, number of open pull requests, etc.
The Foreman community also runs a self-hosted bug tracker using the Redmine software. When you sign up for a Redmine account, you provide us with an email address and a name.
Externally, we only use this email within Redmine to contact you about bugs you have reported or subscribed to. You have full control over what emails are sent from your Redmine account preferences.
Email addresses can also be linked to GitHub commits (see above) if the emails match, or manually by an admin (on request). This enables Redmine to automatically attribute issue changes to your user, based on the public commit data from the GitHub repositories (e.g. closing it when you fix an issue). This populates your Redmine “activity” page, which is public.
We also use the bug tracker data to provide aggregated statistics such as number of open/closed bugs, average time to close a bug, etc.
We also use the IP addresses and public post data to provide aggregated statistics about the forum community, such as posts-per-month, user engagement, etc. We also use the IP addresses to help identify sock puppeting and spam accounts.
The Foreman community runs a survey each year. Completing the survey is opt-in, and providing a contact email address in the survey is optional. Such addresses are stored until the survey analysis is complete, and then deleted from the raw survey data before publication. The survey data is used to gain understanding of the community, and aggregated statistics based on the survey results are published each year.
The Foreman project provides a tool called foreman-debug which collects logs from your Foreman server and uploads it to a secure location in our infrastructure. Use of this tool is entirely voluntary (it is never run automatically), and the data is used by our developers to assist users in debugging complex problems. The data is not used for any analysis or statistics, is only accessible to a small number of the Foreman developers, and is deleted regularly.
Using a VPN, Tor, or other IP / UserAgent masking service will not affect your use of the project website, as it is entirely static. For Redmine & Discourse, we do not mandate use of real names, and using pseudonyms will not affect the services.
Your Redmine & Discourse accounts contain options to control what emails are sent to you. 3rd party services such as GitHub retain their own policies and privacy options.
Where the EU General Data Protection Regulation 2016/679 (“GDPR”) applies to the processing of your personal data, especially when you access the website from a country in the European Economic Area (“EEA”), you have the following rights, subject to some limitations, against the Foreman Project:
If you would like to exercise any of these rights, you may do so by contacting the Foreman Project at contact us or on IRC. Please understand, however, the rights enumerated above are not absolute in all cases, especially in regards to the right to erase your data:
Foreman reserves the right to update this policy from time to time. Material changes will be posted to the Announcements list and posted to the front page of the website. This policy was last updated on 28th May 2018.
Foreman 1.17.1 is now available with several bugfixes. Follow the quick start to install it.
A new bug fix release for Foreman 1.16 is now available. This release contains fixes for 2 security bugs and other minor patches. See the Foreman 1.16.1 release notes for more details..