Bug#962073: alsa-info is calling home without asking
On Wed, 3 Jun 2020 17:26:27 +0200 Elimar Riesebieter wrote: > What do you mean with "call home"? Access the Internet without the consent of the person running it. > There is indeed a new version available in [0] and [1]. It will be > contributed witch the next release of alsa-utils. So what makes this > "bug" serious? The bug is a privacy violation. https://wiki.debian.org/PrivacyIssues -- bye, pabs https://wiki.debian.org/PaulWise signature.asc Description: This is a digitally signed message part
Bug#962073: alsa-info is calling home without asking
* Christoph Berg [2020-06-02 23:23 +0200]: > Package: alsa-utils > Version: 1.2.2-1 > Severity: serious > > Hi, > > I just launched alsa-info and was surprised that it presented me with > this popup box: > > ┌───┐ > │ Newer version of ALSA-Info has been │ > │ found │ > │ │ > │ Do you wish to download it? │ > ├───┤ > │ < Yes > < No > │ > └───┘ > > Note that this box comes before it asks if the generated report should > be uploaded somewhere. > > I don't think it is appropriate for a simple CLI utility to call home > without asking first. What do you mean with "call home"? There is indeed a new version available in [0] and [1]. It will be contributed witch the next release of alsa-utils. So what makes this "bug" serious? [0] https://git.alsa-project.org/?p=alsa-utils.git;a=history;f=alsa-info/alsa-info.sh [1] https://git.alsa-project.org/?p=alsa-utils.git;a=summary Elimar -- Learned men are the cisterns of knowledge, not the fountainheads ;-)
Bug#962073: alsa-info is calling home without asking
Package: alsa-utils Version: 1.2.2-1 Severity: serious Hi, I just launched alsa-info and was surprised that it presented me with this popup box: ┌───┐ │ Newer version of ALSA-Info has been │ │ found │ │ │ │ Do you wish to download it? │ ├───┤ │ < Yes > < No > │ └───┘ Note that this box comes before it asks if the generated report should be uploaded somewhere. I don't think it is appropriate for a simple CLI utility to call home without asking first. -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (700, 'testing'), (600, 'unstable'), (150, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 5.6.0-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de:en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages alsa-utils depends on: ii kmod 27+20200310-2 ii libasound21.2.2-2.1 ii libatopology2 1.2.2-2.1 ii libc6 2.30-8 ii libfftw3-single3 3.3.8-2 ii libncursesw6 6.2-1 ii libsamplerate00.1.9-2 ii libtinfo6 6.2-1 ii lsb-base 11.1.0 alsa-utils recommends no packages. Versions of packages alsa-utils suggests: ii dialog 1.3-20190808-1 -- no debconf information Christoph