libweather-ion6 seems is just an interface for plugins to use for fetching weather data. The name of the first package suggests something similar. Maybe this functionality is not used without activating the geolocation/weather widgets?
I find this KWallet stuff very annoying outside and unrelated to Whonix. WiFi passwords are not simply stored and it no longer auto connects - each time it asks the wallet password. So I must figure out how to disable the wallet stuff. Usability issue.
The files are small and don’t interfere with the other hypervisor. For simplicity the build system output gives builds of both versions KVM and Vbox in one run.
For simplicity, time saving and better usability for me personally, official downloadable Non-Qubes-Whonix builds are created with --target virtualbox and --target qcow2 at the same time.
Thanks for getting the ball rolling Patrick. Very useful discussion
python-requests: fixed upstream
pip: leaks info about system package versions.
gnome-calculator: sets cookie. Bug open upstream for 2 years but not fixed by devs. Workaround is being done with Flatpak restrictions.
weather applications: leak location data but none enabled by default
Some advocate using sandbox frameworks like flatpak for blocking leaky apps.
Debian probably needs a privacy team to audit all packages that send
data to the network and develop mitigation, configuration or patches
to counter these.
+10 I strongly support Paul’s plan to have a review team look through packages and engage upstream projects to clean up leaks. He is open to attending a brainstorm session at DebConf16 if someone organizes it.
Some people may complain but no one needs a package manager (python-pip) that still doesn’t support GPG signed packages and never will. After years of arguing they implemented TLS downloads and enabled it by default but as anyone knows this is not enough.
Weather widgets I can’t touch because they are reverse dependencies of core DE packages. The good thing is the user has to go out of their way to shoot themselves in the foot.
AppImage is supposed to be distro agnostic packaging format recently supported by Firejail. With TUF to secure app integrity and delivery we have a good combination.