On Fri, 01 Aug 2025 at 11:23:41 +0200, Wouter Verhelst wrote:
Parental controls don't need a separate section. They need you to not give root access to the child.
No amount of parental-controls integration is going to prevent someone with root access from bypassing it, because the whole point of root access is that it's total control over the system, including the ability to add and remove parental-controls software.
I could see us perhaps add a field to debian/control to say "in jurisdiction X, this package is considered acceptable for people over Y years of age", and then add some controls in apt to disallow it to install packages marked as such
It's perhaps worth mentioning that Flatpak (which does allow installing apps without root access) has a simple implementation of parental controls via OARS <https://hughsie.github.io/oars/> metadata in the apps' Appstream metadata. The actual parental controls bit is the malcontent package (which I believe was originally developed for Endless OS, a Flatpak-centric Debian derivative), Flatpak just talks to it.
The quakespasm and crispy-doom packages are examples of .deb packages that contain non-trivial OARS metadata in their files in /usr/share/metainfo. An OARS rating is a requirement for Flatpak apps to be added to Flathub, and Appstream encourages sending all metadata upstream instead of maintaining it as a distro patch, so lots of other apps have one, even if the content rating is "there is nothing potentially objectionable here" (for example see gnome-calculator).
If this is something we want in the apt/dpkg ecosystem (more likely as an advisory thing than as a "gate", for the reasons above), then reusing the OARS vocabulary and its encoding into the Appstream metadata seems a lot more viable than inventing a Debian-specific thing that won't benefit from work done by other distributions and other packaging formats.
smcv