> Dear marc,
>
> unwanted "calls-home" are normally found and disclosed if the software
> is free, so I really don't think this is a problem. Asking the
> development team of a distribution with 50k+ packages to guarantee
> that nothing ever uses user information for unwanted means is just
> plain impossible. Not even Debian can do that. This is done,
> indirectly, by all the people who look at the code, and contribute to
> the packages.

So I think that there are two categories to this:

A) There may be free software which has been hacked/compromised to covertly phone home. Finding these cases is hard, but if it is found, chances are excellent that this will be fixed in a hurry. I agree that Debian/Devuan can't make any absolute guarantees in this respect.

B) I am more concerned about the other part, where code is known to phone home, but the developers or packagers have decided that this is fine. The examples range from popcon to systemd's resolver (which I am told falls back on to Google at 8.8.8.8) to chromium or firefox/iceweasel.

For the time being these designed-in phone home packages are few, so it should not be a hardship to label them with a "leaking::" tag.

The reason for labelling the ones in category B) is disclosure: Those of us who are concerned about privacy matters can look for those tags to make the tradeoff. It also means that those who want to spy on people without disclosing it fall into category A), which, if found out, should count as deception and maybe, one day, a crime.

regards

marc

_______________________________________________
Dng mailing list
[email protected]
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
