[bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum

[Nils Gillmann]

Leo Famulari transcribed 2.5K bytes:
> On Sat, May 05, 2018 at 10:33:45PM +0200, Ludovic Courtès wrote:
> > Chris Marusich <address@hidden> skribis:
> > > Should we refrain from adding this package simply because the author is
> > > not maintaining it any more?  I'm inclined to say "no", but one also has
> > > to consider whether it is a a good idea to encourage people to use an
> > > unmaintained tool for protecting their privacy/anonymity.  I'm not sure.
> > 
> > It’s risky, indeed.  As time passes it’s likely to have more and more
> > known-but-unfixed security issues, which isn’t great.  Leo, thoughts on
> > this situation?
> 
> I see two different issues here:
> 
> 1) The project is unmaintained (last release 2016) and the underlying
> platform (Python 2) will become unmaintained in January 2020.
> 
> I think these maintenance issues are not a blocker in this case. We
> package lots of software that has been basically abandoned for longer
> than MAT. Its source repo saw activity in March. On this subject, we
> should think about building from HEAD since those new commits will
> probably never be "released".
> 
> 2) The software is not guaranteed to achieve its goals.
> 
> I think the idea of "anonymizing" a file is always going to be
> manifested as a goal rather than a full solution. No matter the level of
> upstream maintenance, anonymity can never be guaranteed.
> 
> So, I think it's okay to add the package with a big warning in the
> description, maybe even saying something scary like "only recommended
> for educational and research activity".

I agree (and hope we won't just drop python-2 in 2020 because that would
be unreasonable).