Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
account42 6 days ago

Your link is about privacy issues in upstream software that Debian hasn't sufficiently worked around yet. The main advantage of the Distro model (as opposed to developer-maintained package ecosystems) is exactly that there is someone protecting you from questionable software "features".

amiga386 5 days ago | parent | next [-]

I don't think Debian intentionally shields you from privacy-invading software. Other distros may differ on this point.

Debian does not mandate anything about privacy in its Policy Manual (which are the standards for selecting and packaging software that maintainers must adhere to): https://www.debian.org/doc/debian-policy/search.html?q=priva...

There's also no insistence on privacy in the Debian Social Contract or DFSG (not that these would be appropriate places for it, they're mainly about licensing)

fsflover 5 days ago | parent | next [-]

> I don't think Debian intentionally shields you from privacy-invading software.

Don't they change the Firefox defaults for more privacy?

pabs3 5 days ago | parent [-]

They do indeed, probably other packages have patches too.

pabs3 5 days ago | parent | prev [-]

> I don't think Debian intentionally shields you from privacy-invading software

There is a culture of valuing privacy though, including patching out privacy issues. Especially since a lot of Debian folks are from Europe, with corresponding GDPR knowledge.

I know that the lintian warnings pointing out privacy issues in HTML documentation do get a lot of patches.

Also, opensnitch is packaged as a mitigation.

You are right about the policy problem, Debian really needs to do something about that.

There is at least a privacy policy for Debian services.

https://www.debian.org/legal/privacy

GrayShade 6 days ago | parent | prev | next [-]

Who protects you when the packagers decide to trust a shady CA (adding it to the root store) because it's used by the distro's infra?

account42 6 days ago | parent [-]

Is this supposed to be some kind of gotcha argument? Against what?

GrayShade 6 days ago | parent [-]

Not exactly the same thing, but see https://en.wikipedia.org/wiki/GNU_IceCat#Additional_security....

pabs3 5 days ago | parent | prev [-]

Agreed, but it is definitely not enough, which is why some Debian folks packaged opensnitch.