From: Leo Famulari <leo@famulari.name>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: Chris Marusich <cmmarusich@gmail.com>, 31307@debbugs.gnu.org
Subject: [bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum
Date: Sun, 6 May 2018 15:44:44 -0400 [thread overview]
Message-ID: <20180506194444.GB8038@jasmine.lan> (raw)
In-Reply-To: <877eohrgeu.fsf@gnu.org>
[-- Attachment #1: Type: text/plain, Size: 1524 bytes --]
On Sat, May 05, 2018 at 10:33:45PM +0200, Ludovic Courtès wrote:
> Chris Marusich <cmmarusich@gmail.com> skribis:
> > Should we refrain from adding this package simply because the author is
> > not maintaining it any more? I'm inclined to say "no", but one also has
> > to consider whether it is a a good idea to encourage people to use an
> > unmaintained tool for protecting their privacy/anonymity. I'm not sure.
>
> It’s risky, indeed. As time passes it’s likely to have more and more
> known-but-unfixed security issues, which isn’t great. Leo, thoughts on
> this situation?
I see two different issues here:
1) The project is unmaintained (last release 2016) and the underlying
platform (Python 2) will become unmaintained in January 2020.
I think these maintenance issues are not a blocker in this case. We
package lots of software that has been basically abandoned for longer
than MAT. Its source repo saw activity in March. On this subject, we
should think about building from HEAD since those new commits will
probably never be "released".
2) The software is not guaranteed to achieve its goals.
I think the idea of "anonymizing" a file is always going to be
manifested as a goal rather than a full solution. No matter the level of
upstream maintenance, anonymity can never be guaranteed.
So, I think it's okay to add the package with a big warning in the
description, maybe even saying something scary like "only recommended
for educational and research activity".
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
next prev parent reply other threads:[~2018-05-06 19:45 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-04-28 21:38 [bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum Chris Marusich
2018-04-28 22:11 ` Nils Gillmann
2018-04-29 3:09 ` Chris Marusich
2018-04-29 8:18 ` Chris Marusich
2018-05-02 6:00 ` Chris Marusich
2018-05-02 6:12 ` Nils Gillmann
2018-05-05 20:33 ` Ludovic Courtès
2018-05-05 21:37 ` Chris Marusich
2018-05-06 19:26 ` Leo Famulari
2018-05-06 19:44 ` Leo Famulari [this message]
2018-06-15 7:06 ` Ludovic Courtès
2018-07-05 8:29 ` Chris Marusich
2018-06-16 13:42 ` Nils Gillmann
2021-09-13 2:26 ` Sarah Morgensen
2021-11-08 1:34 ` [bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit Denis 'GNUtoo' Carikli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180506194444.GB8038@jasmine.lan \
--to=leo@famulari.name \
--cc=31307@debbugs.gnu.org \
--cc=cmmarusich@gmail.com \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).