I disagree; it's basically lawyerspeak for "sucks to be you".

If one is expected to go through all the documentation of both the main package and all dependency packages, and also through whatever specific configuration details to your case, just to be able to catch a specific IMPORTANT detail that's not clearly spelled out in the main package, that's malicious.

"A dependency we use captures your clipboard data and sends it to remote servers"

That sentence right there would kill their userbase, so they omit warning you about it. And on top of the "...user should have read the description..." non-apology, "just split the packages, bro".

That's malicious.

▲

sejje 5 days ago | parent [-]

> That sentence right there would kill their userbase

No, it wouldn't. People don't take privacy very seriously.

	▲	devmor 5 days ago \| parent \| next [-]
		If this were about a Windows or MacOS program, sure. The overlap between Linux desktop users and digital privacy concerns is pretty large.
	▲	bornfreddy 5 days ago \| parent \| prev [-]
		This is Debian, of course they do. But it wouldn't kill their userbase because nobody reads the package descriptions anyway.