[Dev] the 'your-privacy' blacklisting process should be more rigorous

Andreas Grapentin andreas at grapentin.org
Tue Jun 20 04:45:06 GMT 2017

On Tue, Jun 20, 2017 at 12:32:45AM -0400, Bill Auger wrote:
> i propose that each of those blacklisted programs should have a
> detailed explanation as to what precisely are its problematical points
> - they should also indicate whether or not a replacement exists in the
> 'libre' or 'non-prism' repos and perhaps with a link to any relevant
> discussion that took place regarding that package and ideally pointing
> at the actual non-free components or privacy invading mechanism in the
> code itself - in cases where no replacement exists it would be
> reasonable to say why that is so (either it is technically not
> possible or simply no one has had the time to do it yet) - in the
> latter case it could also be added to the under-utilized "Package Todo
> List" https://www.parabola.nu/todo/ which currently has exactly 3
> items on it from 2010 - without such information only the person who
> blacklisted the package knows why and so it will probably never be
> rescued

+1 to this entire proposal.

I would just add that there should also be a wiki page outlining the
process of blacklisting packages that explicitly states these
documentation requirements, to make the process more fluid in the



my GPG Public Key:                 https://files.grapentin.org/.gpg/public.key
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <https://lists.parabola.nu/pipermail/dev/attachments/20170620/71a58184/attachment.sig>

More information about the Dev mailing list