Comment by pabs3
10 hours ago
There are numerous privacy issues in distros, some known, most probably unknown, some examples from Debian:
https://wiki.debian.org/PrivacyIssues
Luckily there are things like opensnitch that can block some of these issues:
Your link is about privacy issues in upstream software that Debian hasn't sufficiently worked around yet. The main advantage of the Distro model (as opposed to developer-maintained package ecosystems) is exactly that there is someone protecting you from questionable software "features".
I don't think Debian intentionally shields you from privacy-invading software. Other distros may differ on this point.
Debian does not mandate anything about privacy in its Policy Manual (which are the standards for selecting and packaging software that maintainers must adhere to): https://www.debian.org/doc/debian-policy/search.html?q=priva...
There's also no insistence on privacy in the Debian Social Contract or DFSG (not that these would be appropriate places for it, they're mainly about licensing)
Who protects you when the packagers decide to trust a shady CA (adding it to the root store) because it's used by the distro's infra?
Is this supposed to be some kind of gotcha argument? Against what?
1 reply →
That is interesting.
There is nothing in that list anything like as bad as this. The next worst is Chromium which is no surprise.
Are you saying it's an ordinary behavior? There's nothing coming close in your links, especially in Debian.