Bug#829494: marked as done (chirpw phones home without informed consent)
Your message dated Sun, 13 Nov 2016 11:17:08 +0000
with message-id <E1c5sma-000Acs-Kh@fasolo.debian.org>
and subject line Bug#829494: fixed in chirp 0.4.0-1+deb8u1
has caused the Debian Bug report #829494,
regarding chirpw phones home without informed consent
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
829494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829494
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: chirpw phones home without informed consent
- From: Neil Van Dyke <neil@neilvandyke.org>
- Date: Sun, 3 Jul 2016 16:27:13 -0400
- Message-id: <62bbdc71-4b5f-7105-162c-7e70d317f6e5@neilvandyke.org>
Package: chirp
Version: 0.4.0-1
Severity: serious
A pop-up dialog from the "chirpw" program says that it reports some kind
of usage information to some external party, and describes how to
opt-out of this. There are at least two privacy problems:
1. It appears that some phoning home happens before the user has given
informed consent. For example, when I received the pop-up dialogue, I
immediately disabled reporting, but I found that "chirpw" had already
contacted some server and informed me that I was not using the latest
version. Therefore, the suggestion that one can opt-out of phoning-home
is misleading, since some phoning-home has already occurred.
2. Also, the text suggests that this is anonymous, but that is
misleading (due, e.g., to IP address traceability), so any consent would
not be informed, even were it given prior to phoning-home occurring.
Note that I have not looked at what information is transmitted, so there
might be a third problem, but I believe these two identified problems
alone require action.
I recommend and request that this reporting and any other "phoning home"
either be disabled completely in the Debian "chirp" package, or changed
to be an express *opt-in* (like opt-in is long used elsewhere in Debian,
such as for package "popularity contest"). Thank you.
--- End Message ---
--- Begin Message ---
- To: 829494-close@bugs.debian.org
- Subject: Bug#829494: fixed in chirp 0.4.0-1+deb8u1
- From: irl@debian.org (Iain R. Learmonth)
- Date: Sun, 13 Nov 2016 11:17:08 +0000
- Message-id: <E1c5sma-000Acs-Kh@fasolo.debian.org>
Source: chirp
Source-Version: 0.4.0-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
chirp, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 829494@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Iain R. Learmonth <irl@debian.org> (supplier of updated chirp package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 08 Nov 2016 12:15:26 +0000
Source: chirp
Binary: chirp
Architecture: source amd64
Version: 0.4.0-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Changed-By: Iain R. Learmonth <irl@debian.org>
Description:
chirp - Configuration tool for amateur radios
Closes: 829494
Changes:
chirp (0.4.0-1+deb8u1) jessie; urgency=medium
.
* Disables reporting of telemetry without informed consent (Closes: #829494)
Checksums-Sha1:
4e47d21e7e41d0a8a0d118f130586cf54b5cf3ae 1670 chirp_0.4.0-1+deb8u1.dsc
71e8736860118a64e34a87d660cd209a56bc9fce 3736 chirp_0.4.0-1+deb8u1.debian.tar.xz
33ed3b62d835ac8186ffd37f0f561ed9aef0fa21 276154 chirp_0.4.0-1+deb8u1_amd64.deb
Checksums-Sha256:
f9c9cc186f43a6bfbb9a1a7680d34c018c5d3329e01129393403fb056fa31c3d 1670 chirp_0.4.0-1+deb8u1.dsc
0547ad1c6a90021b2487bf9d110db1892e97731dae2aa1a131cb543a329f718f 3736 chirp_0.4.0-1+deb8u1.debian.tar.xz
7e14e1213c2abee767b5c3e062b3cb1752d8998ed3bf2df6d07ef782342e6097 276154 chirp_0.4.0-1+deb8u1_amd64.deb
Files:
09fa992a2cea6745c17bf3c2478fe904 1670 hamradio optional chirp_0.4.0-1+deb8u1.dsc
ed9cd7aa5a871eb5762755103a0a0114 3736 hamradio optional chirp_0.4.0-1+deb8u1.debian.tar.xz
5ac5c55004b9114d4b4098246325685f 276154 hamradio optional chirp_0.4.0-1+deb8u1_amd64.deb
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJYIcMOAAoJENIXnVuKHtARVC8IAJJoMOZlY4S5TXGgnnO0UOr7
a7HkOJL+4y5XA7HfGKTR8xDrB1wSbvJLjyT1v+PYAE+hSPd0G0KMat534HzyDZcU
FcNp01nfXlqlK4HUmuVDCsynK4Wn1k9lSOQV2H80YcTFg+Sa2F3ZzA/clDKyYOWq
vrUv1NF8Eem15nCfgrD/i8Yu+C7xeRQGKLJifhOhkTyXqCnO65NcxwdPjpr4nuT9
Eygu3gruVKtH936zDaS7L9VCNJIAVkD8ScyFr8m2SXDeo6OF5HeFiXTr+RurPot1
uSF24aD2wEJeUFfzciLavgSliNL5XDInFmUQInRc0EY0vX9wzQsA0bAJvLFgSvk=
=vmJM
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: