Quoting Norbert Preining (2019-12-26 13:36:28)
> On Thu, 26 Dec 2019, Jonas Smedegaard wrote:
> > Second point is ideally useless as well, because plugins should be
> > packaged as well.
>
> Well, they aren't, and will never be packaged (unless someone steps in).
> So getting notified of updates - possible of security issues - is in
> principle a good point.

Let me dare paraphrase: "Well, we will never have global peace (unless God or aliens step in). So monitoring our citizens - potential terrorists - is in principle a good point."

I agree there is a point in letting software phone home about updates to infections inflicted by those same tools, but it is a *bad* point. Better point is to not let the tool infect the system!

Yes: To me a tool which injects rogue and potentially insecure code into a Debian system is essentially infecting the system.

I disagree that it is a good point for packaged software to phone home about updates to infections inflicted by those same tools, and to me a tool which injects rogue and potentially insecure code into a Debian system is essentially infecting the system.

Makes sense for a system _without_ the governance of a distribution to let its tools self-govern, but such mechanisms are unsuitable in a system with governance - and potentially outright dangerous, because the user _expects_ the system-wide governance to work (not for the governance to knowingly let things go rogue).

It is bad that a system installed purely from Debian - with all security updates carefully applied and all security announcements carefully followed - can be insecure due to tools bypassing Debian and doing their own update mechanisms.

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private