[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Bou
|
From: |
Leo Famulari |
|
Subject: |
[bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum |
|
Date: |
Sun, 6 May 2018 15:44:44 -0400 |
|
User-agent: |
Mutt/1.9.5 (2018-04-13) |
On Sat, May 05, 2018 at 10:33:45PM +0200, Ludovic Courtès wrote:
> Chris Marusich <address@hidden> skribis:
> > Should we refrain from adding this package simply because the author is
> > not maintaining it any more? I'm inclined to say "no", but one also has
> > to consider whether it is a a good idea to encourage people to use an
> > unmaintained tool for protecting their privacy/anonymity. I'm not sure.
>
> It’s risky, indeed. As time passes it’s likely to have more and more
> known-but-unfixed security issues, which isn’t great. Leo, thoughts on
> this situation?
I see two different issues here:
1) The project is unmaintained (last release 2016) and the underlying
platform (Python 2) will become unmaintained in January 2020.
I think these maintenance issues are not a blocker in this case. We
package lots of software that has been basically abandoned for longer
than MAT. Its source repo saw activity in March. On this subject, we
should think about building from HEAD since those new commits will
probably never be "released".
2) The software is not guaranteed to achieve its goals.
I think the idea of "anonymizing" a file is always going to be
manifested as a goal rather than a full solution. No matter the level of
upstream maintenance, anonymity can never be guaranteed.
So, I think it's okay to add the package with a big warning in the
description, maybe even saying something scary like "only recommended
for educational and research activity".
signature.asc
Description: PGP signature