Bug#743694: Downgrade most of privacy-breach* tags from severity: error to pedantic
Package: lintian
Version: 2.5.22.1
Severity: important
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I hereby ask for downgrading most of the privacy-breach* checks from
severity: error to pedantic.
Because the severity of these lintian checks is relevant to the decision,
if a package gets accepted into Debian I've added the FTP masters team this
report to get their point of view.
Why do I disagree to the severity chosen for these tags:
- - The severity chosen for these tags/checks is not justified by any of our
policies, neither the Debian policy, not the best packaging practises nor
any legal reason! There is IMO one exception: the violation of Google
AdSense terms is serious and shouldn't be changed.
- - There is no technical nor social justification for this severity. Making
it simple: either you have an internet connection or you don't. In the
latter case there is no problem. If you have an internet connection you
either use a technical solution/ anonymizer to disable any "tracking"
services or you don't. In both cases you don't have a problem, either
you decided you accept the existance of zero-byte gifs, cross-links,
tracking services and stuffs or you already use a technical solution to
"disable" this. So making our package compliant to this new privacy-
policy doesn't add any value to our users.
- - I simply morally disagree with removing donation requests from authors
although this might be legally correct (and yes I know, you request
to put this in the upstream metadata instead). IMHO it is simply not
your choice to make, how the author makes a donation request.
- - Because I cannot see any agreement on the position lintian authors took
here and because I don't see any technical nor social justification for this
choice, I find it unacceptable that the burden to make packages "privacy"-
compliant to some users is put on the shoulders of myself and fellow DDs.
I cannot argue with the position of the Debian project and IMHO neither can
you, so I would suggest a conservative choice for severity of these tags as
long as we don't have a common position of the project.
Regards, Daniel
- -- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (560, 'stable'), (500, 'oldstable'), (110, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.13-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages lintian depends on:
ii binutils 2.24-5
ii bzip2 1.0.6-5
ii diffstat 1.58-1
ii file 1:5.17-1
ii gettext 0.18.3.2-1
ii hardening-includes 2.5
ii intltool-debian 0.35.0+20060710.1
ii libapt-pkg-perl 0.1.29+b1
ii libarchive-zip-perl 1.37-2
ii libclass-accessor-perl 0.34-1
ii libclone-perl 0.36-1
ii libdpkg-perl 1.17.6
ii libemail-valid-perl 1.192-1
ii libfile-basedir-perl 0.03-1
ii libipc-run-perl 0.92-1
ii liblist-moreutils-perl 0.33-2
ii libparse-debianchangelog-perl 1.2.0-1
ii libtext-levenshtein-perl 0.06~01-2
ii libtimedate-perl 2.3000-1
ii liburi-perl 1.60-1
ii man-db 2.6.6-1
ii patchutils 0.3.2-3
ii perl [libdigest-sha-perl] 5.18.2-2+b1
ii t1utils 1.37-2
Versions of packages lintian recommends:
pn libperlio-gzip-perl <none>
ii perl-modules [libautodie-perl] 5.18.2-2
Versions of packages lintian suggests:
pn binutils-multiarch <none>
ii dpkg-dev 1.17.6
ii libhtml-parser-perl 3.71-1+b1
ii libtext-template-perl 1.46-1
ii libyaml-perl 0.84-1
ii xz-utils 5.1.1alpha+20120614-2
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlM/4okACgkQm0bx+wiPa4y7jwCgh/PCcIHyBliuYzPTmLcOfAUw
/zsAoM+BIgeF3rkscqbxjNd6KqYG9hkZ
=sT++
-----END PGP SIGNATURE-----
Reply to: