On Thu, Aug 16, 2001 at 02:35:12PM +0000, Eduardo P?rez Ureta wrote: > What's the current policy about including spyware on debian ?
The current policy is that the package maintainer has final say, but other people can file bug reports. > Can debian programs send more information than necessary on network > protocols or should any program only send the necessary information > and nothing more. Necessary for what? > Some programs in debian send more information than necessary for the correct > operation of the protocol and that can be considered spyware or at least > an information leak that could comprise a security risk. This doesn't sound like a policy proposal, the way you've stated it. If this is a significant issue, perhaps you should file a bug report of an appropriate severity (wishlist, normal, ..) against the appropriate package? > Sometimes it's also used by some sites to discriminate the user based on > the operating system or the program client. Some of that is a kernel issue. Some of that is indeed provided by the client. [But note that both can lie.] Thanks, -- Raul
