Hi!
On 10.09.21 19:10, Russ Allbery wrote:
Felix Lechner <felix.lech...@lease-up.com> writes:
The Policy Team was similarly reluctant. They have not acted on the
matter in nearly eight years. [3]
In the interim, one path forward would be for someone who cares strongly
about this area to write up a good guide for maintainers who have no
expertise here and not a lot of time but a willingness to do something
(this may already exist in the wiki), and then put that guide into the
Developer's Reference (perhaps a "Best practices around privacy" section).
That gets the information about what to do into our technical
documentation and creates an on-ramp for elevating it to Policy advice and
then possibly a Policy recommendation as the tools improve.
I love this idea.
I believe it would have a much greater impact on the long term to raise
awareness among maintainers.
There is a wiki page that references different privacy issues with
Debian packages [https://wiki.debian.org/PrivacyIssues] and that could
equally add some data and starting points for a "Best practices".
Another thing that I dit not see addressed in that matter is that fact
that privacy issues should also be fixed upstream ("we will give back to
the community", Debian Social Contract) - and with priority.
Take care,
Ulrike
