On Fri, Sep 10, 2021 at 2:44 PM Felix Lechner wrote: > A fellow developer and I have reached an impasse over the appropriate > level of privacy guarantees in Debian. [1]
I think that lintian privacy tags currently represent several sets of bugs: The browsers shipping in Debian place no barriers between local files on disk, sites on the local network and sites on the Internet. So if someone reads some local documentation they didn't get from Debian using a browser from Debian, they could have a privacy violation. The documentation available in Debian may suggest readers request resources not available as local files on disk. Even if we fix the browsers available in Debian, users may read Debian documentation using browsers not available in Debian, they could have a privacy violation. The web applications available in Debian may suggest visitors request resources not available on the same web service. Since most web browsers don't block third-party requests by default, those visitors, who are only indirectly Debian users, could have a privacy violation. The same applies when Debian documentation is copied to a website. > Would this esteemed group please advise if the topic is in some form > suitable for a General Resolution? I'm not sure a GR is the appropriate mechanism to fix privacy issues in Debian, instead I would encourage interested folks to form a group focused on detecting, fixing and mitigating these issues. See the work of the Reproducible Builds folks for an example how such a group can move Free Software forward on a particular issue. https://wiki.debian.org/PrivacyIssues https://reproducible-builds.org/ -- bye, pabs https://wiki.debian.org/PaulWise
