+1
I think that if OpenWrt devices started *by default* to « phone home » (whether
directly or via an in-browser query), that would certainly be a concern.
Such a feature - while appealing - should *absolutely* be an opt-in, and not an
opt-out.
Opt-out may also have legal implications (e.g. GDPR?).
FWIW, CRA implies that it _should_ be _opt out_ for updates, and they
should be enabled by default. Yes, I know some people don't like that,
but people don't opt in :)
Annex I, 2c)
"ensure that vulnerabilities can be addressed through security updates,
including, where applicable, through automatic security updates that
are installed within an appropriate timeframe enabled as a default
setting, with a clear and easy-to-use opt-out mechanism, through the
notification of available updates to users, and the option to temporarily
postpone them;"
I would believe Hauke is looking at this from a CRA compliance
viewpoint, ... yeah, it should be opt out, not in....
Sincerely,
Karl Palsson
_______________________________________________
openwrt-devel mailing list
[email protected]
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
