On Wed, Jan 02, 2013 at 08:25:21AM +0100, Mike Hommey wrote:
> (Zack, question for you at the end)

[…]

> Arguably, we could remove most of the information sent, but I'm not
> convinced either. But then, I could be seen as biased, since I'm also a
> Mozilla Corporation employee. So I'll defer the decision to touch the
> downloaded url to someone else. Which makes me wonder, do we have
> specific people in Debian dealing with such privacy concerns?

Not that I'm aware of, unfortunately. (I've been thinking for quite a while about encouraging the formation of a "debian privacy team", that could have a cross-cutting view on privacy issues in stock Debian, but I don't think we have anything close ATM.)

I'd suggest contacting the security team, as a potential approximation. Also, discussing this with the popcon maintainers might be useful, given they have surely faced similar issues in the past and might have developed a useful "culture" on the matter.

FWIW, I did find your explanation of what is sent quite reassuring. But I'm still torn between the need of defending users against malware-ish extensions and the need of not doing anything that might remotely resemble "phoning home" by default.

Not sure if I've helped much...,
Cheers.
-- 
Stefano Zacchiroli . . . . . . . z...@upsilon.cc . . . . o . . . o . o
Maître de conférences . . . . . http://upsilon.cc/zack . . . o . . . o o
Debian Project Leader . . . . . . @zack on identi.ca . . o o o . . . o .
« the first rule of tautology club is the first rule of tautology club »