Re: Privacy policy of packages/softwares installed in Debian

[Jean-Philippe MENGUAL <jpmengual@debian.org>]

Hi,

Do you know wether FSF or OSI has some tmplate, just like licnese 
examples, for such thing?

With a tmplate, maybe Debian might accept to ship it to the packages 
like thy include COPYRIGHT, or displaying a screen to mention privacy 
policy.

One thing seems sure, Debian will never have a privacy policy, I think, 
but maaybe may request any package (or some packages) to include a 
PRIVACY file. Should require to change the Debian maintainer and dev policy.

Regards


Regards,


Jean-Philippe MENGUAL

Le 10/06/2019 à 09:08, npdflr a écrit :
> Thanks Jean for your reply.
>
> Non-free packages should definitely be checked with their privacy 
> policy. But what about free packages?
>
> The license for the Go programming language is 
> https://golang.org/LICENSE which is free but the privacy policy is 
> invasive https://policies.google.com/privacy?hl=en
> (Note: it also has a patent file with some restrictions which can make 
> the package non-free perhaps, would give more details if required)
>
> Free networking applications like browsers, p2p applications etc would 
> definitely require internet but other free apps also connect with the 
> internet automatically when starting for the first time (Eg: aseprite, 
> libreoffice) or when checking for updates. One can know this via an 
> application-based firewall.
>
> Free packages are available via main repositories (through terminal apt 
> commands or a package manager) and also via other ways like websites, 
> terminal commands like wget, curl etc, offline archive files etc.
>
> Would you say that all free packages via main repositories and via other 
> ways (after checking their license to be DFSG-compliant) can be safely 
> be allowed to connect to the internet?
>
> Thanks.
>
>
> ---- On Sun, 09 Jun 2019 05:49:01 -0700 *Jean-Philippe MENGUAL 
> <jpmengual@debian.org <mailto:jpmengual@debian.org>>* wrote ----
>
>     Hi,
>
>     Privacy policy makes sense for software you quote, eithr because
>     they are closd-code, or because thy are in the cloud and users send
>     data to servers, so it is important to know what do this data once sent.
>
>     Debian provides free software and does not support non-free one even
>     if they exist in the Debian infra. They provide tools to be
>     installed on your computer. So when you install a program in Debian,
>     you can check the code, but more important, you dont send data to an
>     external source.
>
>     Then I dont think Debian needs a privacy policy. Neither Debian, nor
>     the packages themselves collect the user data. And it would be a
>     problem to do this, from the socail contract.
>
>     I think we can consider having a thought about it if some program
>     collects data. For a non free program, this should be in its licene
>     or on th websie of its provider.
>
>     Regards
>
>
>
>
>     Jean-Philippe MENGUAL
>
>     Le 08/06/2019 à 20:02, npdflr a écrit :
>
>
>         Hello,
>         How can one check the privacy policy for the packages/softwares
>         (which can be free or non-free) installed in Debian?
>
>         If one is downloading and installing a package from a website
>         then he/she can check the privacy policy link on that website.
>         Example:
>         -- Skype (https://www.skype.com/en/get-skype/) which has privacy
>         policy: https://privacy.microsoft.com/en-US/privacystatement
>         -- Go programming language (https://golang.org/) which has
>         privacy policy: https://policies.google.com/privacy?hl=en
>
>         But if one is downloading a package (which may also install
>         dependency packages) via terminal or synaptic package manager
>         then how can one check the privacy policy of that package?
>
>         Thank you.