Re: Privacy guarantees
On Sat, 11 Sep 2021 08:18:16 +0200,
Paul Wise wrote:
>
> On Fri, Sep 10, 2021 at 2:44 PM Felix Lechner wrote:
>
> > Would this esteemed group please advise if the topic is in some form
> > suitable for a General Resolution?
>
> I'm not sure a GR is the appropriate mechanism to fix privacy issues
> in Debian, instead I would encourage interested folks to form a group
> focused on detecting, fixing and mitigating these issues. See the work
> of the Reproducible Builds folks for an example how such a group can
> move Free Software forward on a particular issue.
The discussion in the lintain bug is about whether these issues need
to be fixed at all (and thus what the lintain severity should be).
Creating a group focused solely on fixing the issues won't resolve
that discussion. My guess is that there is a majority in the project
that thinks these issues are worth fixing and my personal expectation
was actually also that Debian does this, but there actually isn't any
policy saying this!
I think we should actually work on creating such a policy and as far
as I can see a GR would then be an appropriate mechanism to make it
official. Although my time is limited, I'd like to help with this.
So I'd like to see a group with a broader focus. It would not only
work on detecting, fixing and mitigating issues, but also on creating
a policy. And we could also work on things like recommendations on how
to do opt-in for data sharing in the software we ship.
Shall we create a debian-privacy list for this?
Kind regards,
Jeroen Dekkers
Reply to: