On Sun, Feb 24, 2008 at 08:27:59PM -0600, Raphael Geissert wrote: > > On Sun, Feb 24, 2008 at 07:44:53PM -0600, Raphael Geissert wrote: > >> The problem I see here is that admin != user in all the situations. > >> IMO it should ask, or at least warn, the user and not the admin. > >> Because in the end is the user's privacy the one affected, not the > >> administrator's. > > All it has to do is check if the user has already been warned and if > not do it, of course only when the program is run. You make it sound as if that's simple (it is) and good (it's not, IMO), but I think it very much resembles having to click through a license for every package you install. One of the nice things about Debian is that the user doesn't need to worry about such things: Debian makes sure things are fine. IMO a dialog asking me if I want to send information to upstream is annoying. Getting one for every program for every user makes Debian significantly worse for our users. Let's not go that way, please. > If there's no easy way to do it then just for the sake of simplicity a > patch rewriting the 'phoning home' function should be written. In all cases, a patch disabling the "feature" would be acceptable. If it makes upstream really happy, I can live with an option to enable the functionality. But it must be disabled by default, and the user must not be asked anything (unless perhaps they have a "low" debconf treshold). See also my comments to Thomas' e-mail below. > IMHO that sounds more reasonable than letting the admin decide about the > users privacy. As a user, if you don't trust the admin, you shouldn't use the machine. More specifically, you shouldn't give any data to a computer that you don't trust the administrator with. If the administrator turns such a feature on, then that's the person who passes your information to upstream. They can do this anyway. Annoying the user just confuses the issue. If the admin really wants to send out this information, and he's evil, he can ask the question and ignore the answer. In other words, asking the user doesn't add any security, but it does add annoyance. The solution (to the problem that the user doesn't know that the admin violates his privacy) is to educate users that anything they do on a machine can be seen and modified by the administrator. Asking such questions to users suggests otherwise, which is a bad idea in itself IMO. The admin has full control over the machine, including all user data in it. Let's not pretend otherwise. On Sun, Feb 24, 2008 at 05:40:42PM -0500, Thomas Bushnell BSG wrote: > > they are also reluctant to override upstream's wishes without some > > clear Debian policy statement to the effect that this is not > > permissible. > > I'm unclear about this "override upstream's wishes" part. I have heard > this kind of thing a number of times, and I strongly disagree with it. > > Debian is not a conduit for upstream packages to get conveniently > compiled for Debian, is it? It's a coherent system. Debian maintainers > have the job of making their packages DTRT, whether upstream does that > or not, whether upstream agrees or not. I fully agree. > It sounds as if the maintainer is saying that upstream gets some kind of > veto, which can only be overridden if there is a "clear Debian policy > statement" on the point, and that is a mistaken and buggy approach. > Upstream doesn't get a veto. I don't think this was meant. However: > There are good social and technical reasons not to deviate from upstream > without good reasons, but this is a good reason, whether there is a > "clear policy" or not. Upstream appearantly isn't so impressed by this reason. For the maintainer, it is socially a good thing to have some formal document to point at; "this is how we do things in Debian" as opposed to "that's how I personally prefer things to be done". I share your feeling that some maintainers seem to not want to modify upstream's work except to fix "real" bugs that upstream will want to fix later. I think that we should make clear that this is not the Right Thing to do. Debian is about making the best possible OS. That includes consistency. If upstream's work is not consistent with the rest, we modify it, whether upstream likes it or not. The whole point of free software is that we can do that. However, good relations with upstream are valuable, and for that reason it is good to formally write down some things, like "our software doesn't by default connect to anything which isn't needed for it to function, and doesn't by default send more than needed to any server". Thanks, Bas -- I encourage people to send encrypted e-mail (see http://www.gnupg.org). If you have problems reading my e-mail, use a better reader. Please send the central message of e-mails as plain text in the message body, not as HTML and definitely not as MS Word. Please do not use the MS Word format for attachments either. For more information, see http://pcbcn10.phys.rug.nl/e-mail.html
Attachment:
signature.asc
Description: Digital signature