On Wed, May 15, 2013 at 09:43:02PM +0200, Christoph Biedl wrote: > Christoph Anton Mitterer wrote... > > > 2) No more packages that bypass the package management system and secure > > apt: > > a) There are still several (typically non-free) packages which download > > stuff from the web, install or at least un-tar it somwhere without > > checking any integrity information that would be hardcoded in that > > package. > > > > b) Another problem are IMHO plugins like Firefox extensions, kinda > > bypassing APT. I think at least those that are installed via a package, > > shouldn't be upgradable/overwritable anymore with online versions. > > I'd like to enhance that topic to the question under which > circumstances a package is allowed to "phone home", i.e. to contact a > service provided by upstream without the consent of the user. For the > records, I wouldn't mind much if the rule is "never". > > Still an answer might be not as easy as it seems, a few situations: > > * Automatic update checks don't make sense, mostly they confuse users. > > * As an example, nagios3 upstream embedded several requests to the > nagios homepage on the start page of any local installation. That > I consider both annoying and a privacy breach, so I patched that > away locally. But perhaps such behaviour should be banned entirely. > > * On the other hand, there are packages that do need frequent updates, > virus scanners to start with, also ad blockers. Not sure whether > these should be granted an exception. If not, somebody would have to > take the task to provide these updates in an APT way. > > Just sharing a few thoughts on that ... > > Christoph
I wouldn't mind "never". An absolute requirement I think is a "don't do it again" option (for the user). For example every time I start eric it tells me there is an update. I know there is an update. It told me so the last 1000 times I started it. And I still don't want to break my stable system. I also wouldn't mind a debconf question in cases where the apt way is not practicable but security can still be maintained. Which would be for the *-installer packages that download the actual thing from the internet. I would rather not have them but sometimes they are unavoidable. Phoning home at runtime without explicit admin/user permission is never OK though. MfG Goswin -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20130516101829.GD2181@frosties