Your message dated Fri, 25 Dec 2020 14:34:26 +0000 with message-id <e1ksoak-000g7p...@fasolo.debian.org> and subject line Bug#958497: fixed in geoclue-2.0 2.5.7-1 has caused the Debian Bug report #958497, regarding geoclue-2.0 violates GDPR to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 958497: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958497 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: geoclue-2.0 Version: 2.5.6-1 Severity: serious The geoclue package collects SSIDs in the neighborhood and sends them to Mozilla location services. The SSID of an adhoc network (which for instance is set up for tethering via a mobile phone) is personally identifiable information. Sending this information about a third person without his or her explicit consent to another party especially one outside of the European Union is in breach of the German law Datenschutz-Grundverordnung which is the German implementation of the European General Data Protection Regulation (GDPR). The easiest remedy would be to remove the package from the repository until it is fixed upstream to be compliant. Cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924516 src/gclue-config.c:219: #define DEFAULT_WIFI_URL "https://location.services.mozilla.com/v1/geolocate?key="; MOZILLA_API_KEY #define DEFAULT_WIFI_SUBMIT_URL "https://location.services.mozilla.com/v1/submit?key="; MOZILLA_API_KEY Best regards Heinrich Schuchardt
--- End Message ---
--- Begin Message ---Source: geoclue-2.0 Source-Version: 2.5.7-1 Done: Laurent Bigonville <bi...@debian.org> We believe that the bug you reported is fixed in the latest version of geoclue-2.0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 958...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laurent Bigonville <bi...@debian.org> (supplier of updated geoclue-2.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 25 Dec 2020 14:59:35 +0100 Source: geoclue-2.0 Architecture: source Version: 2.5.7-1 Distribution: unstable Urgency: medium Maintainer: Laurent Bigonville <bi...@debian.org> Changed-By: Laurent Bigonville <bi...@debian.org> Closes: 924516 958497 Changes: geoclue-2.0 (2.5.7-1) unstable; urgency=medium . [ Laurent Bigonville ] * New upstream version 2.5.7 - Check the maximum allowed accuracy level even for system applications. Respect the value of the user preference concerning the usage of their geolocation. This should fix the privacy and GDPR conformity concerns as the user explicitly needs to enable the option. Note that there is no distinction between the system applications anymore, turning on the option is allowing them all to get the location. (Closes: #924516, #958497) * debian/README.Debian: Add information about MLS and a link to the service Privacy Notice page * Add debian/salsa-ci.yml file * debian/control: Remove Craig Andrews from the Uploaders. He has not been active since 2009, thanks for his previous work on the package * d/p/: Add a patch to make the Mozilla API key configurable * debian/rules: Use the key that has been allocated to debian for MLS queries * d/gbp.conf: Stop adding the commit-id and set multimaint-merge to True * debian/control: Bump Standards-Version to 4.5.1 (no further changes) * d/p: Add an upstream patch to fix the display of the usage indicator * d/p: Remove the remaining differences between system app and flatpak ones. This fix an issue when geoclue is D-Bus activated by a client and also make sure that a running client is disconnected when the user disables the location services (set the accuracy to 0) . [ Chris McGee ] * debian/control: Add rules requires root . [ Debian Janitor ] * Refer to specific version of license LGPL-2+. * Apply multi-arch hints. + geoclue-doc, libgeoclue-doc: Add Multi-Arch: foreign. Checksums-Sha1: c06f08da2d6cda9428924a67213f0446c4b3daf3 2386 geoclue-2.0_2.5.7-1.dsc 28fec44b0583208a8654296ab39d45f2ab71d318 85764 geoclue-2.0_2.5.7.orig.tar.bz2 a47ac7a0aac0a8f4d365c01bcfdc6e03363f0551 14728 geoclue-2.0_2.5.7-1.debian.tar.xz 8f02df82c85bc4eaa47fe2a4e6f74a0abcacf1ad 9628 geoclue-2.0_2.5.7-1_source.buildinfo Checksums-Sha256: 4732880369a39290c13bfaea09b911e20a54da577f9f31e227c5601ccea6ec08 2386 geoclue-2.0_2.5.7-1.dsc 6cc7dbe4177b4e7f3532f7fe42262049789a3cd6c55afe60a3564d7394119c27 85764 geoclue-2.0_2.5.7.orig.tar.bz2 d0aa565d68d06fd1bb14e6510d160952a05786aff0887a7385e151b13088f522 14728 geoclue-2.0_2.5.7-1.debian.tar.xz 018daa80e6f25d97bb66e71fd0df5a505c8470bea904c7d47f0872b0bcb7ce8d 9628 geoclue-2.0_2.5.7-1_source.buildinfo Files: bf2d8417d044bcbbd59d09a3ef236841 2386 utils optional geoclue-2.0_2.5.7-1.dsc f6e731a21d458168eda613816797eb73 85764 utils optional geoclue-2.0_2.5.7.orig.tar.bz2 2b7d1ac16433a449588d8e5e630cc48a 14728 utils optional geoclue-2.0_2.5.7-1.debian.tar.xz 0e1a49107e01323d6daa9e7ce0c76153 9628 utils optional geoclue-2.0_2.5.7-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCAAvFiEEmRrdqQAhuF2x31DwH8WJHrqwQ9UFAl/l8bIRHGJpZ29uQGRl Ymlhbi5vcmcACgkQH8WJHrqwQ9XPsAgApaYCc6eiprGM9l/nCpfPmw/b8lvsN+lV 6bGDz7uppeNCdn5yDLXhy6trkw1KaHNt6IutOAeCvoY+F2TvBUhkNw+9B8O0B1WG kEsizhJMaiYHAe10bdDkxPmCvU9Pt1ETJ1qwYrppVtPcWnFDbHT3uygZxPUtYHAV JmKGT2VXiBHjCMigLGybBm8YoqHScg8rVEfr+ajHbmzZ9s2zk0g0EzWphXVIiKn2 27o59Ixh4CbfAsbNATL681qIJF+pu2o/AcPq6kC8OrB2sor9UIktk5nuSmRgd0dt +WmQfLX66j2nY07BlXQmjSqAsNTIxmq3crl1LJ/NG2kKXOIqFzvewQ== =89+P -----END PGP SIGNATURE-----
--- End Message ---
