
Re: requirements and regulations concerning upgrade checks/statistics callback on program start



On Thu, Dec 26, 2019 at 5:52 AM Norbert Preining wrote:

> Calibre is normally doing the following checks:

I am wondering how you discovered these, was it just reading the
upstream code/website or are you monitoring traffic on your machine?

Personally, I think we need much more systematic auditing of this
sort of issue as more and more upstreams are adding update checks and
usage reporting and other statistics and telemetry. We also need
better tooling for discovering the issues, unfortunately nsntrace was
removed from Debian and opensnitch/unoon aren't packaged yet.

https://github.com/jonasdn/nsntrace/
https://github.com/kushaldas/unoon/
https://github.com/evilsocket/opensnitch/

> Which of the above actions are acceptable for Debian/main?

Personally, I don't like any of them enabled by default but with
informed consent and correct behaviour the plugin update checks could
be reasonable for the Debian package. The general update check isn't
useful on Debian but could be for some of the upstream platforms that
don't have system-wide package update checks.

In case you want to convince upstream to correct the behaviour, here
is an example of somewhere that upstream was (eventually) convinced to
make their telemetry much more reasonable, but IIRC their change of
heart about that was mainly due to the GDPR and not driven by their
developers being convinced by folks suggesting the change in the issue
tracker.

https://github.com/Ultimaker/Cura/issues/2810

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

