Your message dated Sat, 09 Jan 2021 22:33:22 +0000 with message-id <e1kymns-0009kv...@fasolo.debian.org> and subject line Bug#958497: fixed in geoclue-2.0 2.5.2-1+deb10u1 has caused the Debian Bug report #958497, regarding geoclue-2.0 violates GDPR to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 958497: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=958497 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: geoclue-2.0 Version: 2.5.6-1 Severity: serious The geoclue package collects SSIDs in the neighborhood and sends them to Mozilla location services. The SSID of an adhoc network (which for instance is set up for tethering via a mobile phone) is personally identifiable information. Sending this information about a third person without his or her explicit consent to another party especially one outside of the European Union is in breach of the German law Datenschutz-Grundverordnung which is the German implementation of the European General Data Protection Regulation (GDPR). The easiest remedy would be to remove the package from the repository until it is fixed upstream to be compliant. Cf. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924516 src/gclue-config.c:219: #define DEFAULT_WIFI_URL "https://location.services.mozilla.com/v1/geolocate?key="; MOZILLA_API_KEY #define DEFAULT_WIFI_SUBMIT_URL "https://location.services.mozilla.com/v1/submit?key="; MOZILLA_API_KEY Best regards Heinrich Schuchardt
--- End Message ---
--- Begin Message ---Source: geoclue-2.0 Source-Version: 2.5.2-1+deb10u1 Done: Laurent Bigonville <bi...@debian.org> We believe that the bug you reported is fixed in the latest version of geoclue-2.0, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 958...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Laurent Bigonville <bi...@debian.org> (supplier of updated geoclue-2.0 package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 25 Dec 2020 17:19:50 +0100 Source: geoclue-2.0 Architecture: source Version: 2.5.2-1+deb10u1 Distribution: buster Urgency: medium Maintainer: Laurent Bigonville <bi...@debian.org> Changed-By: Laurent Bigonville <bi...@debian.org> Closes: 924516 958497 Changes: geoclue-2.0 (2.5.2-1+deb10u1) buster; urgency=medium . * debian/README.Debian: Add information about MLS and a link to the service Privacy Notice page * Check the maximum allowed accuracy level even for system applications. Respect the value of the user preference concerning the usage of their geolocation. This should fix the privacy and GDPR conformity concerns as the user explicitly needs to enable the option. Note that there is no distinction between the system applications anymore, turning on the option is allowing them all to get the location. (Closes: #924516, #958497) * d/p/: Add a patch to make the Mozilla API key configurable * debian/rules: Use the key that has been allocated to debian for MLS queries * d/p: Add an upstream patch to fix the display of the usage indicator * Fix crash if submission-url is not set in the config, patch from upstream Checksums-Sha1: 996a74e4d02b62c7211c7378e62ec3bceb2a90fa 2465 geoclue-2.0_2.5.2-1+deb10u1.dsc 2d541a66cff4eb8e403774f788673d5f097df00c 14068 geoclue-2.0_2.5.2-1+deb10u1.debian.tar.xz 00085f1af2e2ee9caaa615503cb1fa2ed4bd48e3 9660 geoclue-2.0_2.5.2-1+deb10u1_source.buildinfo Checksums-Sha256: 3176a0e3929a49bd8f36b2281f87539efe1a0e1f49890d47d9a9e23c2943346e 2465 geoclue-2.0_2.5.2-1+deb10u1.dsc 6d98621c6e9f68d369fe06334f1f11dd45396682e69103a60b15e186eccd2adc 14068 geoclue-2.0_2.5.2-1+deb10u1.debian.tar.xz 4e1d6c98818859d22e266858fd0b4c740bb630b9dadc23b2f176ee601e27dd87 9660 geoclue-2.0_2.5.2-1+deb10u1_source.buildinfo Files: bc8b7b3eb01c0105b7512af796360e3a 2465 utils optional geoclue-2.0_2.5.2-1+deb10u1.dsc 40c9f88dc8ed7fa3d54062e23236941f 14068 utils optional geoclue-2.0_2.5.2-1+deb10u1.debian.tar.xz cc2f02fa3a98b3ad65c9fbd039d53d49 9660 utils optional geoclue-2.0_2.5.2-1+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQFFBAEBCAAvFiEEmRrdqQAhuF2x31DwH8WJHrqwQ9UFAl/mWf8RHGJpZ29uQGRl Ymlhbi5vcmcACgkQH8WJHrqwQ9XlGQf/ar8i3s4/Q3km6PFDRHFcnvo0gBEilTTV PuAOVtac7ksZDB4OPC8eUtmY4W9g+ZgcClEJnnIZrYI5ikPtqwnSWX7nFvYYBbVH 0GMAcewMPnInew1rKall67axtGM2YnuvnBn4HOBOK2zyDVz4yxFBKoK5yifg7pUd 7L62XxXM3CxaFUOZVIsBq29p9Orbg1RGDTo2WST3rjpUq5pYWy9QAVkMK0HQOGvg LU1w4U7N8ktuOw1HKNNKwfRuJok+sMZDbbN2xpLYPIJ99tL7zWf/wUoCAvdc3bRN WP19gcaTPxMzNnLOkTwL9P7FPhFdny99RIpqVP8KvPUxFUHVMbHb6Q== =wMu5 -----END PGP SIGNATURE-----
--- End Message ---
