On Thu, Feb 28, 2008 at 07:20:34PM +, Ian Jackson wrote:
> Steve Langasek writes ("Re: Phoning home"):
> > On Tue, Feb 26, 2008 at 08:24:09PM +, Ian Jackson wrote:
> > > If the latter, what privacy assurances do we have and why do we believe
> > > t
Harald Braumann writes ("Re: Phoning home"):
> I, as a user, don't want to be warned, informed, asked or annoyed
> in any other way about things that I don't want anyway. If I want to
> send information I enable that explicitly.
Quite.
I think it's fair enough
Steve Langasek writes ("Re: Phoning home"):
> On Tue, Feb 26, 2008 at 08:24:09PM +, Ian Jackson wrote:
> > If the latter, what privacy assurances do we have and why do we believe
> > them ?
>
> Why should we believe *any* privacy assurances? If you want an assu
;> On Mon, Feb 25, 2008 at 10:16:29AM +0100, Giacomo A. Catenazzi
> >>> wrote:
> >>>>> Speaking as a human being, I would suggest that Debian policy
> >>>>> should be that all "phoning home" MUST be enabled explicitly,
> >>>&
that all "phoning home" MUST be enabled explicitly, and MUST be turned
off by default.
"should" here would only mean that we've failed to correctly define "phoning
home".
So that'd be something like "Packages should not communicate on the
netwo
On Tue, Feb 26, 2008 at 08:24:09PM +, Ian Jackson wrote:
> > "should" here would only mean that we've failed to correctly define "phoning
> > home". There's no legitimate reason for Debian packages to phone home, and
> > it's always a bug
ld be
> > >> that all "phoning home" MUST be enabled explicitly, and MUST be turned
> > >> off by default.
> > "should" here would only mean that we've failed to correctly define "phoning
> > home".
> So that'd be somethi
On Mon, Feb 25, 2008 at 04:25:28PM -0800, Steve Langasek wrote:
> On Mon, Feb 25, 2008 at 10:16:29AM +0100, Giacomo A. Catenazzi wrote:
> >> Speaking as a human being, I would suggest that Debian policy should be
> >> that all "phoning home" MUST be enabled explicit
Steve Langasek writes ("Re: Phoning home"):
> On Mon, Feb 25, 2008 at 10:16:29AM +0100, Giacomo A. Catenazzi wrote:
> > No, I prefer the SHOULD form, because it permit the
> > right thing to be done, giving the debian developer
> > the freedom (and burden) to check
Thomas Bushnell BSG writes ("Re: Phoning home"):
> These are two separate concerns.
>
> Concern One: What a server does with information as a result of its
> operations;
>
> Concern Two: What network traffic a program makes in its operation.
I think it is a mistake
Russ Allbery writes ("Re: Phoning home"):
> I suppose that apt never updates itself unless you have something
> configured to do so (although does synaptic default to running aptitude
> update periodically?).
We can serve our users better by having our apt phone home to ask i
Thomas Bushnell BSG writes ("Re: Phoning home"):
> On Sun, 2008-02-24 at 13:54 +, Ian Jackson wrote:
> > But I was rather surprised to find this situation. It looks like the
> > prospective maintainer was aware of the phoning home but didn't
> > consider
Julian Gilbey writes ("Re: Phoning home"):
> On Sun, Feb 24, 2008 at 01:54:11PM +, Ian Jackson wrote:
> > I think therefore that we should add some statement to policy about
> > phoning home.
>
> Agreed.
>
> > As a starting point:
> >
> &g
g me if I want to send information to upstream is
annoying. Getting one for every program for every user makes Debian
significantly worse for our users. Let's not go that way, please.
> If there's no easy way to do it then just for the sake of simplicity a
> patch rewriting the &#x
On Mon, Feb 25, 2008 at 10:16:29AM +0100, Giacomo A. Catenazzi wrote:
> Lars Wirzenius wrote:
>> On su, 2008-02-24 at 16:43 -0600, Raphael Geissert wrote:
>>> * The package/software SHOULD offer a way to disable the 'phoning home' code
>>> if it contains such
ng every program?
>
> Using the program's settings facilities.
> All it has to do is check if the user has already been warned and if not do
> it, of course only when the program is run.
>
> If there's no easy way to do it then just for the sake of simplicity a patch
>
What network traffic a program makes in its operation.
Concern Two is what the original worry was about. The problem is that a
program is "phoning home" *unnecessarily*, in a way which is not
connected with its normal purposes.
Concern One is a broader concern, but it's not some
that I'm comfortable with).
> That's true, and I think Ian's right. I don't, however, consider apt to
> be phoning home. That's a gut feeling, and it may be based just on the
> fact that apt has been around for so long.
I suppose that apt never updates itself unless
7;t like strong policy (i.e. the MUST
in one proposed change), but I would like that the
usual behavior is stronger on privacy concerns, both
on classical "phone home", and in more hidden
"phone home" (when it is proved to be like a real
phoning home.
PS: the list:
- a
On Mon, 2008-02-25 at 10:16 +0100, Giacomo A. Catenazzi wrote:
> Lars Wirzenius wrote:
> > On su, 2008-02-24 at 16:43 -0600, Raphael Geissert wrote:
> >> * The package/software SHOULD offer a way to disable the 'phoning home'
> >> code
>
David Nusinow dijo [Sun, Feb 24, 2008 at 08:52:53PM -0500]:
> > The problem I see here is that admin != user in all the situations.
> > IMO it should ask, or at least warn, the user and not the admin.
> > Because in the end is the user's privacy the one affected, not the
> > administrator's.
>
> Y
Lars Wirzenius wrote:
On su, 2008-02-24 at 16:43 -0600, Raphael Geissert wrote:
* The package/software SHOULD offer a way to disable the 'phoning home' code
if it contains such kind of 'feature'.
Speaking as a human being, I would suggest that Debian policy should be
th
Ian's right. I don't, however, consider apt to
be phoning home. That's a gut feeling, and it may be based just on the
fact that apt has been around for so long.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
ady been warned and if not do
it, of course only when the program is run.
If there's no easy way to do it then just for the sake of simplicity a patch
rewriting the 'phoning home' function should be written.
IMHO that sounds more reasonable than letting the admin decide about the
users p
On Sun, Feb 24, 2008 at 07:44:53PM -0600, Raphael Geissert wrote:
> David Nusinow wrote:
> >
> > Yes please! I think this sort of thing could be an acceptable use of
> > debconf (preferrably at a low priority), so that users who want to
> > participate can.
>
> The problem I see here is that adm
David Nusinow wrote:
>
> Yes please! I think this sort of thing could be an acceptable use of
> debconf (preferrably at a low priority), so that users who want to
> participate can.
The problem I see here is that admin != user in all the situations.
IMO it should ask, or at least warn, the user
Lars Wirzenius <[EMAIL PROTECTED]> writes:
> On su, 2008-02-24 at 16:43 -0600, Raphael Geissert wrote:
>> * The package/software SHOULD offer a way to disable the 'phoning home'
>> code if it contains such kind of 'feature'.
> Speaking as a human bein
On Mon, Feb 25, 2008 at 01:05:32AM +0200, Lars Wirzenius wrote:
> On su, 2008-02-24 at 16:43 -0600, Raphael Geissert wrote:
> > * The package/software SHOULD offer a way to disable the 'phoning home' code
> > if it contains such kind of 'feature'.
>
> S
On su, 2008-02-24 at 16:43 -0600, Raphael Geissert wrote:
> * The package/software SHOULD offer a way to disable the 'phoning home' code
> if it contains such kind of 'feature'.
Speaking as a human being, I would suggest that Debian policy should be
that all &quo
other purposes with explicit permission from the user
>
I, as a user, package maintainer and software developer, would consider the
next two points more than enough (of course the usual wording is
necessary).
* The user _MUST_ be notified about any kind of 'phoning home' the
package/so
d
> with the prospective maintainer to resolve this and I don't think
> there will be any difficulty for the specific package.
>
> But I was rather surprised to find this situation. It looks like the
> prospective maintainer was aware of the phoning home but didn't
> consider i
On Sun, Feb 24, 2008 at 01:54:11PM +, Ian Jackson wrote:
> I think therefore that we should add some statement to policy about
> phoning home.
Agreed.
> As a starting point:
>
> * Software in Debian should not communicate over the network except
>- in order to, a
nk
there will be any difficulty for the specific package.
But I was rather surprised to find this situation. It looks like the
prospective maintainer was aware of the phoning home but didn't
consider it a release-critical bug; they are also reluctant to
override upstream's wishes without some cl
33 matches
Mail list logo
