On Sun, Dec 29, 2019 at 12:42 AM Robie Basak wrote:
> I file serious bugs when I discover this kind of behaviour in Debian
> packages. I've come across this only twice, but I've never spent time
> actually looking, so perhaps there are many more?
I expect there are quite a few more, some listed o
On Thu, Dec 26, 2019 at 02:42:58PM +0900, Norbert Preining wrote:
> - check for updates of itself
> - check for updates of plugins
> - send UID, OS, program version, and the icon theme selected in the
> program to the statistic site [1]
I file serious bugs when I discover this kind of behaviour
On Fri, Dec 27, 2019 at 6:01 AM Norbert Preining wrote:
> Upstream states clearly what he is collecting, and the rest is obvious
> because displayed on start. No magic necessary.
> Also no hidden stuff, all is clearly stated and open.
That sounds reasonable then.
> What do you mean with "informe
Hi Paul,
On Fri, 27 Dec 2019, Paul Wise wrote:
> I am wondering how you discovered these, was it just reading the
> upstream code/website or are you monitoring traffic on your machine?
Upstream states clearly what he is collecting, and the rest is obvious
because displayed on start. No magic nece
On Thu, Dec 26, 2019 at 5:52 AM Norbert Preining wrote:
> Calibre is normally doing the following checks:
I am wondering how you discovered these, was it just reading the
upstream code/website or are you monitoring traffic on your machine?
Personally, I think we need much more systematic auditin
Hi Jonas,
thanks for your -- interesting and funny - email ;-) I am not so much
for political discussions, but just for clarification:
> It is bad that a system installed purely from Debian - with all security
> updates carefully applied and all security announcements carefully
> followed - can
Andrey Rahmatullin writes:
> Maybe it's time to document it in the Policy.
I think it would be a good idea, but it's some work because of the edge
cases. Some of the things found by the Lintian check are tedious to fix
(unless maybe we can write a tool?) and make it more annoying to package
som
On Thu, Dec 26, 2019 at 12:41:34PM +0100, Jonas Smedegaard wrote:
> All of those activities are problematic, because they leak privacy.
>
> First point is useless for packaged software and the code should be
> patched to skip it.
>
> Second point is ideally useless as well, because plugins shoul
On Thu, Dec 26, 2019 at 05:48:17PM +0500, Andrey Rahmatullin wrote:
> On Thu, Dec 26, 2019 at 08:48:44PM +0900, Norbert Preining wrote:
> > Yeah, agreed with you feeling, but I searched today the policy and
> > social contract etc etc, and I didn't find any regulation concerning it.
> There are lin
Quoting Norbert Preining (2019-12-26 13:36:28)
> On Thu, 26 Dec 2019, Jonas Smedegaard wrote:
> > Second point is ideally useless as well, because plugins should be
> > packaged as well.
>
> Well, they aren't, and will never be packaged (unless someone steps in).
> So getting notified of updates
On Thu, Dec 26, 2019 at 08:48:44PM +0900, Norbert Preining wrote:
> Yeah, agreed with you feeling, but I searched today the policy and
> social contract etc etc, and I didn't find any regulation concerning it.
There are lintian checks and I think that's all.
Maybe it's time to document it in the Po
Hi Jonas,
thanks for the insightful comments!
On Thu, 26 Dec 2019, Jonas Smedegaard wrote:
> First point is useless for packaged software and the code should be
> patched to skip it.
Agreed, and that is my plan.
> Second point is ideally useless as well, because plugins should be
> packaged a
Quoting Tomas Pospisek (2019-12-26 11:26:26)
> On 26.12.19 06:42, Norbert Preining wrote:
>
> > (please Cc)
> >
> > are there any requirements or restriction what a program packaged in
> > Debian is allowed to do when starting up? Calibre is normally doing the
> > following checks:
> > - check fo
On Thu, Dec 26, 2019 at 08:48:44PM +0900, Norbert Preining wrote:
> Do you have any pointer to some statement, policy, GR or so that forbids
> it?
Debian packages should behave as 'good citizens' and that includes not
spying on the user.
it's probably written down in some preamble or so.
--
ch
Hi Mattia,
On Thu, 26 Dec 2019, Mattia Rizzolo wrote:
> Considering this is debian, I'd probably say that none of those are
> acceptable without a proper consent for the user. Opt-in flags in the
Yeah, agreed with you feeling, but I searched today the policy and
social contract etc etc, and I di
On Thu, Dec 26, 2019 at 11:26:26AM +0100, Tomas Pospisek wrote:
> On 26.12.19 06:42, Norbert Preining wrote:
>
> > (please Cc)
> >
> > are there any requirements or restriction what a program packaged in
> > Debian is allowed to do when starting up? Calibre is normally doing the
> > following che
On Thu, Dec 26, 2019 at 11:26:26AM +0100, Tomas Pospisek wrote:
> > are there any requirements or restriction what a program packaged in
> > Debian is allowed to do when starting up? Calibre is normally doing the
> > following checks:
> > - check for updates of itself
> > - check for updates of plu
On 26.12.19 06:42, Norbert Preining wrote:
> (please Cc)
>
> are there any requirements or restriction what a program packaged in
> Debian is allowed to do when starting up? Calibre is normally doing the
> following checks:
> - check for updates of itself
> - check for updates of plugins
> - send
Hi everyone
(please Cc)
are there any requirements or restriction what a program packaged in
Debian is allowed to do when starting up? Calibre is normally doing the
following checks:
- check for updates of itself
- check for updates of plugins
- send UID, OS, program version, and the icon theme s
19 matches
Mail list logo