Our great sponsors
-
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Thanks for responding here, in the pull request, and committing to respond to the parent poster. That's more than required, and welcome.
In general I reckon a lot of in tech believe that our e-mail addresses "are out there anyway", and as such we start to think that it's reasonable to opt-in collection of personal information on the behalf of others (per the Critical Telemetry[1] section) without their full consent.
I don't personally think that's OK behaviour. Good products grow and are shared by worth-of-mouth and network effects over time when they're genuinely useful (as I think sourcegraph is), and I'd debate whether there's greater overall value in silently transmitting e-mail addresses (something that many people will only learn about at a later date) versus the potential privacy and reputation costs (arising from conversations like this).
There may be some kind of argument that it's required in order to send security and policy update notices; I'm uncertain about that: it's honest and useful to announce relevant information to the public when ready, but some consumers may wish to stay current on those themselves rather than be (unwittingly, at least) added to push-based messaging.
These would probably be considerations you'd have to reconcile not only with your own codebase and perspective, but also with your colleagues and peers, and I understand that friction - this is just honest feedback from my perspective.
[1] - https://github.com/sourcegraph/sourcegraph/blob/66ce1f814946...
