On Thu, Dec 26, 2019 at 5:52 AM Norbert Preining wrote: > Calibre is normally doing the following checks:
I am wondering how you discovered these, was it just reading the upstream code/website or are you monitoring traffic on your machine? Personally, I think we need much more systematic auditing of these sort of issues as more and more upstreams are adding update checks and usage reporting and other statistics and telemetry. We also need better tooling for discovering the issues, unfortunately nsntrace was removed from Debian and opensnitch/unoon aren't packaged yet. https://github.com/jonasdn/nsntrace/ https://github.com/kushaldas/unoon/ https://github.com/evilsocket/opensnitch/ > Which of the above actions are acceptable for Debian/main? Personally, I don't like any of them enabled by default but with informed consent and correct behaviour the plugin update checks could be reasonable for the Debian package. The general update check isn't useful on Debian but could be for some of the upstream platforms that don't have system-wide package update checks. In case you want to convince upstream to correct the behaviour, here is an example of somewhere that upstream was (eventually) convinced to make their telemetry much more reasonable, but IIRC their change of heart about that was mainly due to the GDPR and not driven by their developers being convinced by folks suggesting the change in the issue tracker. https://github.com/Ultimaker/Cura/issues/2810 -- bye, pabs https://wiki.debian.org/PaulWise
