Hi! On 10.09.21 19:10, Russ Allbery wrote:
Felix Lechner <felix.lechner@lease-up.com> writes:The Policy Team was similarly reluctant. They have not acted on the matter in nearly eight years. [3]
In the interim, one path forward would be for someone who cares strongly about this area to write up a good guide for maintainers who have no expertise here and not a lot of time but a willingness to do something (this may already exist in the wiki), and then put that guide into the Developer's Reference (perhaps a "Best practices around privacy" section). That gets the information about what to do into our technical documentation and creates an on-ramp for elevating it to Policy advice and then possibly a Policy recommendation as the tools improve.
I love this idea.I believe it would have a much greater impact on the long term to raise awareness among maintainers.
There is a wiki page that references different privacy issues with Debian packages [https://wiki.debian.org/PrivacyIssues] and that could equally add some data and starting points for a "Best practices".
Another thing that I dit not see addressed in that matter is that fact that privacy issues should also be fixed upstream ("we will give back to the community", Debian Social Contract) - and with priority.
Take care, Ulrike