
Bug#829494: marked as done (chirpw phones home without informed consent)



Your message dated Sun, 13 Nov 2016 11:17:08 +0000
with message-id <E1c5sma-000Acs-Kh@fasolo.debian.org>
and subject line Bug#829494: fixed in chirp 0.4.0-1+deb8u1
has caused the Debian Bug report #829494,
regarding chirpw phones home without informed consent
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
829494: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=829494
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: chirp
Version: 0.4.0-1
Severity: serious

A pop-up dialog from the "chirpw" program says that it reports some kind of usage information to some external party, and describes how to opt out of this. There are at least two privacy problems:

1. It appears that some phoning home happens before the user has given informed consent. For example, when I received the pop-up dialogue, I immediately disabled reporting, but I found that "chirpw" had already contacted some server and informed me that I was not using the latest version. Therefore, the suggestion that one can opt out of phoning home is misleading, since some phoning home has already occurred.

2. Also, the text suggests that this is anonymous, but that is misleading (due, e.g., to IP address traceability), so any consent would not be informed, even were it given prior to phoning-home occurring.

Note that I have not looked at what information is transmitted, so there might be a third problem, but I believe these two identified problems alone require action.

I recommend and request that this reporting and any other "phoning home" either be disabled completely in the Debian "chirp" package, or changed to be an express *opt-in* (as opt-in has long been used elsewhere in Debian, such as for the package "popularity contest"). Thank you.
--- End Message ---
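
The ordering problem described in the report above, as an added example that is not part of the original messages and is not chirp's code: an opt-out start-up that contacts a server before the dialog is answered, next to a default-deny gate that sends nothing until consent is explicitly granted. All class and function names and the request payloads are hypothetical and constructed for illustration.

```python
from enum import Enum

class Consent(Enum):
    UNSET = "unset"      # dialog never answered (first run, or closed)
    DENIED = "denied"
    GRANTED = "granted"

class RecordingTransport:
    """Stand-in for the network layer: records requests instead of sending."""
    def __init__(self):
        self.sent = []
    def send(self, kind, payload):
        self.sent.append((kind, payload))

def startup_opt_out(transport, ask_user):
    """Opt-out ordering: contact the server first, then ask (constructed)."""
    transport.send("version_check", {"version": "0.4.0"})
    consent = ask_user()
    if consent is not Consent.DENIED:      # an unanswered dialog counts as yes
        transport.send("usage_report", {"event": "startup"})
    return consent

class ConsentGate:
    """Default-deny wrapper: drops every request unless consent is GRANTED."""
    def __init__(self, transport, consent=Consent.UNSET):
        self._transport = transport
        self.consent = consent
        self.dropped = 0
    def send(self, kind, payload):
        if self.consent is not Consent.GRANTED:
            self.dropped += 1
            return False
        self._transport.send(kind, payload)
        return True

def startup_opt_in(transport, ask_user):
    """Opt-in ordering: ask first, then route all traffic through the gate."""
    gate = ConsentGate(transport)
    gate.consent = ask_user()
    gate.send("version_check", {"version": "0.4.0"})
    gate.send("usage_report", {"event": "startup"})
    return gate

def demo():
    """Requests that leave the host when the user declines, per ordering."""
    flawed, fixed = RecordingTransport(), RecordingTransport()
    startup_opt_out(flawed, lambda: Consent.DENIED)
    startup_opt_in(fixed, lambda: Consent.DENIED)
    return [k for k, _ in flawed.sent], [k for k, _ in fixed.sent]
```

With a user who declines, the opt-out ordering has already sent the version check, while the gated ordering sends nothing; a dialog closed without an answer is treated the same as a refusal.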
--- Begin Message ---
Source: chirp
Source-Version: 0.4.0-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
chirp, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 829494@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Iain R. Learmonth <irl@debian.org> (supplier of updated chirp package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 08 Nov 2016 12:15:26 +0000
Source: chirp
Binary: chirp
Architecture: source amd64
Version: 0.4.0-1+deb8u1
Distribution: jessie
Urgency: medium
Maintainer: Debian Hamradio Maintainers <debian-hams@lists.debian.org>
Changed-By: Iain R. Learmonth <irl@debian.org>
Description:
 chirp      - Configuration tool for amateur radios
Closes: 829494
Changes:
 chirp (0.4.0-1+deb8u1) jessie; urgency=medium
 .
   * Disables reporting of telemetry without informed consent (Closes: #829494)
Checksums-Sha1:
 4e47d21e7e41d0a8a0d118f130586cf54b5cf3ae 1670 chirp_0.4.0-1+deb8u1.dsc
 71e8736860118a64e34a87d660cd209a56bc9fce 3736 chirp_0.4.0-1+deb8u1.debian.tar.xz
 33ed3b62d835ac8186ffd37f0f561ed9aef0fa21 276154 chirp_0.4.0-1+deb8u1_amd64.deb
Checksums-Sha256:
 f9c9cc186f43a6bfbb9a1a7680d34c018c5d3329e01129393403fb056fa31c3d 1670 chirp_0.4.0-1+deb8u1.dsc
 0547ad1c6a90021b2487bf9d110db1892e97731dae2aa1a131cb543a329f718f 3736 chirp_0.4.0-1+deb8u1.debian.tar.xz
 7e14e1213c2abee767b5c3e062b3cb1752d8998ed3bf2df6d07ef782342e6097 276154 chirp_0.4.0-1+deb8u1_amd64.deb
Files:
 09fa992a2cea6745c17bf3c2478fe904 1670 hamradio optional chirp_0.4.0-1+deb8u1.dsc
 ed9cd7aa5a871eb5762755103a0a0114 3736 hamradio optional chirp_0.4.0-1+deb8u1.debian.tar.xz
 5ac5c55004b9114d4b4098246325685f 276154 hamradio optional chirp_0.4.0-1+deb8u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
