Contents
This Debian Privacy Tools Maintainers packaging team takes care of privacy and anonymity related packages in Debian. It was previously called Anonymity Tools packaging team and OTR packaging team. Not all packages related to privacy are handled by our team though (see tor) and there is no obligation to do so.
Infrastructure
Interacting with the team
Email contact: pkg-privacy-maintainers@lists.alioth.debian.org
Get involved
Package Maintainers & Team membership
Our team processes Git repository contains our Membership and decision making policy. You may request membership via our Salsa page. We will then, following this policy, decide upon your request. The abovementioned document also contains information on decision making processes within our team.
We use a mailing list to communicate with each other.
The email address of this list is also the address used as "Maintainer:" control field of team-maintained packages. See pkg privacy process.
Furthermore, we have a dedicated mailing list for commits related to team maintained packages.
Tools & Processes
Please read the information in team processes Git repository, in particular our membership and decision making process policy, that also contains some information about package team maintenance.
Furthermore:
We are maintaining the packaging in Git, using gbp.
- Whenever possible, use the upstream signed Git tag as the canonical upstream release, and generate the tarball ourselves.
- We are using source format 3.0 (quilt).
Git branch layout should follow gbp's recommendations and defaults if possible, see file:///usr/share/doc/git-buildpackage/manual-html/gbp.intro.html#GBP.REPOSITORY
- We don't apply patches to the upstream source that have not been submitted upstream yet (if applicable).
Developers & Bug Triagers
Help squash bugs
Have a look at the bug tracker if you want to help squash bugs from various projects. If you would like to do this long-term, we encourage you to subscribe to the mailing-list.
Bug Triagers
Triaging bugs is welcome!
Users
Reporting bugs
We like to fix bugs in anonymity software. If it's not Debian specific, we'll forward it to upstream. An example of a bug email can be found below.
To: submit@bugs.debian.org From: diligent@testing.linux.org Subject: Cannot launch the Tor Browser Package: torbrowser-launcher Version: 0.1.0-1.2 Severity: serious There is some sort of error with twisted preventing the version check information from being downloaded, which in turn prevents the Tor Browser from starting at all. Here is my output: <output> I am using Debian GNU/Linux 7, Kernel: Linux 3.14-1-amd64 (SMP w/4 CPU cores).
Privacy in Debian beyond this packaging team
Usertag bugs
As the Debian BTS is package centric, when you report a bug, only the package maintainers will be made of aware of this bug. However, if you've found a privacy issue in a software not maintained by the privacy team, you can make us aware of it by usertagging a bug for us.
By email
Basically, you would send an email to control@bugs.debian.org with the following content:
user pkg-privacy-team@lists.alioth.debian.org usertags #123456 + privacy thanks
where "123456" is your bug number, and "privacy" the tag you want to add to the bug.
There can be multiple lines with different usertags in such an email.
Delete a usertag like this:
user pkg-privacy-team@lists.alioth.debian.org usertags #123456 - privacy thanks
This would delete the tag "privacy" on bug number #123456
Using the CLI
The bts command is provided by the devscripts package.
bts user pkg-privacy-team@lists.alioth.debian.org . usertags #123456 + privacy-
where "123456" is your bug number, and "privacy" the tag you want to add to the bug.
Tag packages
It is not part of our team's work, but we are interested in maintaining a list of privacy-related packages in Debian as well as in providing information to users who install packages about the privacy status of packages.
Debtags
On Debtags it is possible to tag packages related to privacy (use tag Security::privacy) and also to tag packages that do *not* respect user's privacy (use tags Privacy::).
The current list of tags relies on a list introduced by F-Droid ♡ that we adapted to our use case:
Facet: privacy Description: Privacy issues or anti-features See https://f-droid.org/wiki/page/Antifeatures Tag: privacy::no-known-issues Description: No known issues The package has been checked and no known privacy issues or anti-features were found Tag: privacy::ads Description: Advertisement The software contains advertising Tag: privacy::tracking Description: Tracking The software tracks and/or reports your activity to somewhere, either without your permission, or by default (i.e. you’d have to actively disable it) Tag: privacy::network-traffic Description: Network traffic The software reveals information about the user activity by accessing assets or other information over the network without asking for the user's permission Tag: privacy::non-free-service Description: Non-free Network Services The software promotes or depends entirely on a non-Free network service Tag: privacy::non-free-addons Description: Non free Addons The software promotes other non-Free apps or plugins Tag: privacy::deprecated-crypto Description: Deprecated crypto The software needs deprecated, known to be insecure, cryptographical algorithms and protocols
We are looking for volunteers to implement showing these tags in apt and Gnome Software Center.
Information about Privacy Issues
We've created a page to collect all sorts of privacy issues with software in Debian. Please help to expand this page so that other users might check a software's privacy status. Thanks!