Bug#898479: [gnome] gnome-software should detach fwupd as a dependency

kardan kardan at riseup.net
Sat May 12 13:00:07 BST 2018

Package: gnome
Severity: normal

gnome-software depends on fwupd which triggers web requests containing
"client user-agent, IP address, timestamp, OS distribution name and OS
version to fwupd.org upon each firmware downloading process (or
checking for firmware updates manually by the user)"  without the
knowledge of the user. The metadata is downloaded from a CDN hosted by amazon.


Please follow the suggestions of above article:

"We believe the following should be taken into consideration to solve
the issues above:

    GNOME Software should detach fwupd as a dependency. Because if
    fwupd package is installed, it will auto-check for updates in the
    background (fwupd daemon will autostart after boot) and it will
    send the data to fwupd.org automatically.

    GNOME Software should disable the service of using fwupd.org for
    firmware updates by default. Users wishing to subscribe to such
    service should opt-in their selves.

    Upon activation of fwupd service, a privacy policy dialog should be
    displayed telling users about what’s going to be collected and why."


More information about the pkg-gnome-maintainers mailing list