Quoting Paul Wise <p...@debian.org>:
I think we need a privacy team. Such a team could verify the privacy status of packages and record that information centrally.
I agree. And volunteer. (Messages with the word "volunteer" in the body are never signed.)