Bug#898479: [gnome] gnome-software should detach fwupd as a dependency
Jeremy Bicha
jbicha at debian.org
Sat May 12 16:00:03 BST 2018
On Sat, May 12, 2018 at 10:45 AM, kardan <kardan at riseup.net> wrote:
>> What is your exact privacy concern and why is it so important that it
>> outweighs our users having outdated firmware for their hardware, some
>> with potential known security vulnerabilities?
>
> A service hosted by amazon may not meet the high standards for FOSS.
Amazon also is one of the two hosts behind the very popular
https://deb.debian.org/ service which I think is the default apt
mirror for Debian 9!
Respectfully, there is nothing in the Debian Social Contract, the
DFSG, or Debian Policy that forbids using Amazon hosting.
If that is your only specific privacy concern, then it sounds like
that is already in progress and does not need to prevent inclusion of
fwupd by default in Debian GNOME for the Buster release.
Otherwise, what specific data do you consider to be private but is
shared with the fwupd maintainers and their partners?
> Wouldn't it be more useful to provide a software that does not depend
> on a single DE for updating firmware.
Sorry, but the dependency is the other way around. It is the desktop's
responsibility to integrate with fwupd. fwupd does not need to provide
apps for every desktop for Debian GNOME to include it by default.
> Another question, is who audits .cab files before they are delivered to
> users:
>
> Where can I find more info about this QA team?
I think those questions are better addressed to LVFS directly, not a
Debian bug tracker.
Thanks,
Jeremy Bicha
More information about the pkg-gnome-maintainers
mailing list