[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Phoning home

On Sun, Feb 24, 2008 at 08:27:59PM -0600, Raphael Geissert wrote:
> > On Sun, Feb 24, 2008 at 07:44:53PM -0600, Raphael Geissert wrote:
> >> The problem I see here is that admin != user in all the situations.
> >> IMO it should ask, or at least warn, the user and not the admin.
> >> Because in the end is the user's privacy the one affected, not the
> >> administrator's.
> All it has to do is check if the user has already been warned and if
> not do it, of course only when the program is run.

You make it sound as if that's simple (it is) and good (it's not, IMO),
but I think it very much resembles having to click through a license for
every package you install.  One of the nice things about Debian is that
the user doesn't need to worry about such things: Debian makes sure
things are fine.

IMO a dialog asking me if I want to send information to upstream is
annoying.  Getting one for every program for every user makes Debian
significantly worse for our users.  Let's not go that way, please.

> If there's no easy way to do it then just for the sake of simplicity a
> patch rewriting the 'phoning home' function should be written.

In all cases, a patch disabling the "feature" would be acceptable.  If
it makes upstream really happy, I can live with an option to enable the
functionality.  But it must be disabled by default, and the user must
not be asked anything (unless perhaps they have a "low" debconf
treshold).  See also my comments to Thomas' e-mail below.

> IMHO that sounds more reasonable than letting the admin decide about the
> users privacy.

As a user, if you don't trust the admin, you shouldn't use the machine.
More specifically, you shouldn't give any data to a computer that you
don't trust the administrator with.  If the administrator turns such a
feature on, then that's the person who passes your information to
upstream.  They can do this anyway.  Annoying the user just confuses the
issue.  If the admin really wants to send out this information, and he's
evil, he can ask the question and ignore the answer.

In other words, asking the user doesn't add any security, but it does
add annoyance.

The solution (to the problem that the user doesn't know that the admin
violates his privacy) is to educate users that anything they do on a
machine can be seen and modified by the administrator.  Asking such
questions to users suggests otherwise, which is a bad idea in itself

The admin has full control over the machine, including all user data in
it.  Let's not pretend otherwise.

On Sun, Feb 24, 2008 at 05:40:42PM -0500, Thomas Bushnell BSG wrote:
> > they are also reluctant to override upstream's wishes without some
> > clear Debian policy statement to the effect that this is not
> > permissible.
> I'm unclear about this "override upstream's wishes" part.  I have heard
> this kind of thing a number of times, and I strongly disagree with it.
> Debian is not a conduit for upstream packages to get conveniently
> compiled for Debian, is it?  It's a coherent system.  Debian maintainers
> have the job of making their packages DTRT, whether upstream does that
> or not, whether upstream agrees or not.

I fully agree.

> It sounds as if the maintainer is saying that upstream gets some kind of
> veto, which can only be overridden if there is a "clear Debian policy
> statement" on the point, and that is a mistaken and buggy approach.
> Upstream doesn't get a veto.

I don't think this was meant.  However:

> There are good social and technical reasons not to deviate from upstream
> without good reasons, but this is a good reason, whether there is a
> "clear policy" or not.

Upstream appearantly isn't so impressed by this reason.  For the
maintainer, it is socially a good thing to have some formal document to
point at; "this is how we do things in Debian" as opposed to "that's how
I personally prefer things to be done".

I share your feeling that some maintainers seem to not want to modify
upstream's work except to fix "real" bugs that upstream will want to fix
later.  I think that we should make clear that this is not the Right
Thing to do.  Debian is about making the best possible OS.  That
includes consistency.  If upstream's work is not consistent with the
rest, we modify it, whether upstream likes it or not.  The whole point
of free software is that we can do that.

However, good relations with upstream are valuable, and for that reason
it is good to formally write down some things, like "our software
doesn't by default connect to anything which isn't needed for it to
function, and doesn't by default send more than needed to any server".


I encourage people to send encrypted e-mail (see http://www.gnupg.org).
If you have problems reading my e-mail, use a better reader.
Please send the central message of e-mails as plain text
   in the message body, not as HTML and definitely not as MS Word.
Please do not use the MS Word format for attachments either.
For more information, see http://pcbcn10.phys.rug.nl/e-mail.html

Attachment: signature.asc
Description: Digital signature

Reply to: