[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Bou
From: |
Nils Gillmann |
Subject: |
[bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum |
Date: |
Sat, 16 Jun 2018 13:42:49 +0000 |
Leo Famulari transcribed 2.5K bytes:
> On Sat, May 05, 2018 at 10:33:45PM +0200, Ludovic Courtès wrote:
> > Chris Marusich <address@hidden> skribis:
> > > Should we refrain from adding this package simply because the author is
> > > not maintaining it any more? I'm inclined to say "no", but one also has
> > > to consider whether it is a a good idea to encourage people to use an
> > > unmaintained tool for protecting their privacy/anonymity. I'm not sure.
> >
> > It’s risky, indeed. As time passes it’s likely to have more and more
> > known-but-unfixed security issues, which isn’t great. Leo, thoughts on
> > this situation?
>
> I see two different issues here:
>
> 1) The project is unmaintained (last release 2016) and the underlying
> platform (Python 2) will become unmaintained in January 2020.
>
> I think these maintenance issues are not a blocker in this case. We
> package lots of software that has been basically abandoned for longer
> than MAT. Its source repo saw activity in March. On this subject, we
> should think about building from HEAD since those new commits will
> probably never be "released".
>
> 2) The software is not guaranteed to achieve its goals.
>
> I think the idea of "anonymizing" a file is always going to be
> manifested as a goal rather than a full solution. No matter the level of
> upstream maintenance, anonymity can never be guaranteed.
>
> So, I think it's okay to add the package with a big warning in the
> description, maybe even saying something scary like "only recommended
> for educational and research activity".
I agree (and hope we won't just drop python-2 in 2020 because that would
be unreasonable).