On Sat, 11 Sep 2021 08:18:16 +0200, Paul Wise wrote: > > On Fri, Sep 10, 2021 at 2:44 PM Felix Lechner wrote: > > > Would this esteemed group please advise if the topic is in some form > > suitable for a General Resolution? > > I'm not sure a GR is the appropriate mechanism to fix privacy issues > in Debian, instead I would encourage interested folks to form a group > focused on detecting, fixing and mitigating these issues. See the work > of the Reproducible Builds folks for an example how such a group can > move Free Software forward on a particular issue.
The discussion in the lintain bug is about whether these issues need to be fixed at all (and thus what the lintain severity should be). Creating a group focused solely on fixing the issues won't resolve that discussion. My guess is that there is a majority in the project that thinks these issues are worth fixing and my personal expectation was actually also that Debian does this, but there actually isn't any policy saying this! I think we should actually work on creating such a policy and as far as I can see a GR would then be an appropriate mechanism to make it official. Although my time is limited, I'd like to help with this. So I'd like to see a group with a broader focus. It would not only work on detecting, fixing and mitigating issues, but also on creating a policy. And we could also work on things like recommendations on how to do opt-in for data sharing in the software we ship. Shall we create a debian-privacy list for this? Kind regards, Jeroen Dekkers
