Hi,
A fellow developer and I have reached an impasse over the appropriate
level of privacy guarantees in Debian. [1] Would this esteemed group
please advise if the topic is in some form suitable for a General
Resolution?
The aggrieved party is likely to appeal my forthcoming lack of action
to the Technical Committee. [2] While the Technical Committee is more
or less Debian's Supreme Court, it seems unfair to burden that select
group of ours with matters of broad social significance. The Policy
Team was similarly reluctant. They have not acted on the matter in
nearly eight years. [3]
The maintainer of a well-known web browser took a stance in the
middle. [4] My own position was outlined here. [5]
In the spirit of seeking common ground, I would like to offer to the aggrieved party that we co-sponsor a General Resolution together. Is
that appropriate? Thank you!
Kind regards
Felix Lechner
[1] https://bugs.debian.org/743694
[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743694#44
[3] https://bugs.debian.org/726998
[4] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765503#5
[5] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743694#24
Hi,Heu, sorry but I think you are jumping on the gun here.
A fellow developer and I have reached an impasse over the appropriate
level of privacy guarantees in Debian. [1] Would this esteemed group
please advise if the topic is in some form suitable for a General
Resolution?
The aggrieved party is likely to appeal my forthcoming lack of action
to the Technical Committee. [2] While the Technical Committee is more
or less Debian's Supreme Court, it seems unfair to burden that select
group of ours with matters of broad social significance. The Policy
Team was similarly reluctant. They have not acted on the matter in
nearly eight years. [3]
The maintainer of a well-known web browser took a stance in the
middle. [4] My own position was outlined here. [5]
Felix Lechner <felix.lechner@lease-up.com> writes:
The Policy Team was similarly reluctant. They have not acted on the
matter in nearly eight years. [3]
In the interim, one path forward would be for someone who cares strongly about this area to write up a good guide for maintainers who have no expertise here and not a lot of time but a willingness to do something
(this may already exist in the wiki), and then put that guide into the Developer's Reference (perhaps a "Best practices around privacy" section). That gets the information about what to do into our technical
documentation and creates an on-ramp for elevating it to Policy advice and then possibly a Policy recommendation as the tools improve.
The Policy Team was similarly reluctant. They have not acted on the
matter in nearly eight years. [3]
Hi,
A fellow developer and I have reached an impasse over the appropriate
level of privacy guarantees in Debian. [1] Would this esteemed group
please advise if the topic is in some form suitable for a General
Resolution?
The aggrieved party is likely to appeal my forthcoming lack of action
to the Technical Committee. [2] While the Technical Committee is more
or less Debian's Supreme Court, it seems unfair to burden that select
group of ours with matters of broad social significance. The Policy
Team was similarly reluctant. They have not acted on the matter in
nearly eight years. [3]
The maintainer of a well-known web browser took a stance in the
middle. [4] My own position was outlined here. [5]
In the spirit of seeking common ground, I would like to offer to the aggrieved party that we co-sponsor a General Resolution together. Is
that appropriate? Thank you!
Kind regards
Felix Lechner
A fellow developer and I have reached an impasse over the appropriate
level of privacy guarantees in Debian. [1]
Would this esteemed group please advise if the topic is in some form
suitable for a General Resolution?
The web applications available in Debian may suggest visitors request resources not available on the same web service. Since most web
browsers don't block third-party requests by default, those visitors,
who are only indirectly Debian users, could have a privacy violation.
The same applies when Debian documentation is copied to a website.
On Fri, Sep 10, 2021 at 2:44 PM Felix Lechner wrote:
A fellow developer and I have reached an impasse over the appropriateI think that lintian privacy tags currently represent several sets of bugs:
level of privacy guarantees in Debian. [1]
The browsers shipping in Debian place no barriers between local files
on disk, sites on the local network and sites on the Internet. So if
someone reads some local documentation they didn't get from Debian
using a browser from Debian, they could have a privacy violation.
On Fri, Sep 10, 2021 at 2:44 PM Felix Lechner wrote:
Would this esteemed group please advise if the topic is in some form suitable for a General Resolution?
I'm not sure a GR is the appropriate mechanism to fix privacy issues
in Debian, instead I would encourage interested folks to form a group
focused on detecting, fixing and mitigating these issues. See the work
of the Reproducible Builds folks for an example how such a group can
move Free Software forward on a particular issue.
Sysop: | Keyop |
---|---|
Location: | Huddersfield, West Yorkshire, UK |
Users: | 296 |
Nodes: | 16 (2 / 14) |
Uptime: | 63:27:07 |
Calls: | 6,654 |
Files: | 12,200 |
Messages: | 5,331,699 |