Quoting Tomas Pospisek (2019-12-26 11:26:26) > On 26.12.19 06:42, Norbert Preining wrote: > > > (please Cc) > > > > are there any requirements or restriction what a program packaged in > > Debian is allowed to do when starting up? Calibre is normally doing the > > following checks: > > - check for updates of itself > > - check for updates of plugins > > - send UID, OS, program version, and the icon theme selected in the > > program to the statistic site [1] > > > > Which of the above actions are acceptable for Debian/main? > > > > [1] https://calibre-ebook.com/dynamic/calibre-usage > > The last point seems inacceptable to me if the user hasn't explicitly > consented to it. Checking for updates might be annoying but is "OK" to me.
All of those activities are problematic, because they leak privacy. First point is useless for packaged software and the code should be patched to skip it. Second point is ideally useless as well, because plugins should be packaged as well. Third point is, for the user, useless as well. I recommend to patch to disable all three mechanisms. ...but that's not what you asked about. I don't think Debian forbid privacy-leaky behaviours. If you choose to not voluntarily disable these mechanisms for the Debian packaging, then at least consider mention explicitly these behaviours in long description, and list them at https://wiki.debian.org/PrivacyIssues Thanks for bringing it up! - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
signature.asc
Description: signature
