On Sat, Jul 24, 2004 at 03:27:26PM -0400, Michael Poole wrote: > Sven Luther writes: > > > On Sat, Jul 24, 2004 at 09:47:43AM -0400, Michael Poole wrote: > >> Sven Luther writes: > >> > >> > On Fri, Jul 23, 2004 at 08:49:14PM -0700, Steve Langasek wrote: > >> >> > >> >> As a practical consideration, if the requirement extends beyond what > >> >> we're already doing for crypto-in-main (e.g., if it requires us to send > >> >> the government a copy *every time* someone downloads), I think we would > >> > > >> > And even that, i think is not acceptable. Already our current policy to > >> > inform > >> > the US governement of every contribution a member makes is an dangerous > >> > privacy concern. And if you would go the chinese dissident way (or maybe > >> > the > >> > iraqui freedom figther way :), a maintainer could get in trouble over > >> > this > >> > reporting. > >> > >> Come again? Under the current rules, we have to give the US > >> government a (single) source code copy of any software that we > >> distribute. The whole world can download the same software. > >> How does that constitute any sort of privacy concern? > > > > Each time i make a new upload, a notice of the upload is sent to the US > > security agencies, at least this is how i understood it. This include my > > changelog entry, my name and email, my GPG key, and the time at which i make > > this upload. > > In other words, they are effectively subscribed to the > debian-*-changes mailing lists? I still don't see how > that is any kind of privacy concern like you claimed.
I am against it in principle. Having them subscribe to the debian-*-changes mailing list is an active effort of their part, while we willingly push data to them. Friendly, Sven Luther
