I think that the privacy breaches that lintian complains about represent several sets of bugs that all need fixing:
The browsers shipping in Debian place no barriers between local files on disk, sites on the local network and sites on the Internet. So if someone reads some local documentation they didn't get from Debian using a browser from Debian, they could have a privacy violation. The documentation available in Debian may suggest readers request resources not available as local files on disk. Even if we fix the browsers available in Debian, users may read Debian documentation using browsers not available in Debian, they could have a privacy violation. When Debian documentation is copied to the web the same occurs. The web applications available in Debian may suggest visitors request resources not available on the same web service. Since most web browsers don't block third-party requests by default, those visitors, who are only indirectly Debian users, could have a privacy violation. The same applies when Debian documentation is copied to a website. Daniel Leidert wrote: > To put packages through NEW they have to be lintian clean. Not in my experience, I haven't tested it for the privacy tags though. > The severity is not backed up by any of our policies. I believe the issues to be a violation of the social contract, albeit one of the parts that are aspirational rather than concrete. > what right do we have to remove donation requests That would be the wrong thing to do but that isn't what is requested. > you have already configured your whole system The majority people who are affected by privacy violations probably don't understand that those violations exist, nor that mitigations exist nor what those mitigations are nor how to configure them and probably those mitigations are going to break their workflows. > they are still tracked by hundreds of cookies > while browsing websites or reading mails This is being improved by the browser vendors, which are moving towards blocking third-party cookies entirely. > It just creates burden on fellow developers. I believe that the burden exists, but is fairly minimal, replacing an image with a styled button or similar is usually fairly simple. PS: there are many more types of privacy violations in Debian: https://wiki.debian.org/PrivacyIssues -- bye, pabs https://wiki.debian.org/PaulWise
signature.asc
Description: This is a digitally signed message part