Sean Whitton <spwhit...@spwhitton.name> writes: > On Wed, Nov 16, 2016 at 05:17:32PM +0100, Ole Streicher wrote: >> for a discussion with upstream (removal of a default "anonymously >> logging home" feature), I would like to have a reference that Debian >> prefers strong privacy (no default logging, even not anonymously) over >> usefullness for upstream. The only point I could find is the "Our >> priorities are our users and free software" point in the Social >> Contract, which is very general and interpretable. The policy seems to >> be silent about this. Did I just not look careful enough? > > We have several Lintian warnings connected to privacy (see tags > privacy-breach-*). Lintian reflects community consensus on packaging > standards as much as policy does.
Hmm, I rather would like to cite the consensus itself than its reflection. Lintian is just a tool to help us to create good packages; however it cannot be a reference. First example: Multi-Arch is community consensus. However, a lintian warning for non-multiarch packages is not there, despite that there is a bug asking for it (#724988). Second example: For Python it is common practise to put everything into /usr/lib/$arch/python* if the package is arch dependent -- including in-package images. However, one gets a lintian warning about that. --> Lintian just gives a hint, not a reference. A short while ago, there was a even a general complaint in some mailing list that "Make Lintian happy" is a bad explanation to implement some change (can't find it anymore, and don't know the author). Best regards Ole