On Sat, May 12, 2018 at 10:45 AM, kardan <kar...@riseup.net> wrote: >> What is your exact privacy concern and why is it so important that it >> outweighs our users having outdated firmware for their hardware, some >> with potential known security vulnerabilities? > > A service hosted by amazon may not meet the high standards for FOSS.
Amazon also is one of the two hosts behind the very popular https://deb.debian.org/ service which I think is the default apt mirror for Debian 9! Respectfully, there is nothing in the Debian Social Contract, the DFSG, or Debian Policy that forbids using Amazon hosting. If that is your only specific privacy concern, then it sounds like that is already in progress and does not need to prevent inclusion of fwupd by default in Debian GNOME for the Buster release. Otherwise, what specific data do you consider to be private but is shared with the fwupd maintainers and their partners? > Wouldn't it be more useful to provide a software that does not depend > on a single DE for updating firmware. Sorry, but the dependency is the other way around. It is the desktop's responsibility to integrate with fwupd. fwupd does not need to provide apps for every desktop for Debian GNOME to include it by default. > Another question, is who audits .cab files before they are delivered to > users: > > Where can I find more info about this QA team? I think those questions are better addressed to LVFS directly, not a Debian bug tracker. Thanks, Jeremy Bicha
