GNU bug report logs -
#31307
[PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum
Previous Next
Full log
Message #32 received at 31307 <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
On Sat, May 05, 2018 at 10:33:45PM +0200, Ludovic Courtès wrote:
> Chris Marusich <cmmarusich <at> gmail.com> skribis:
> > Should we refrain from adding this package simply because the author is
> > not maintaining it any more? I'm inclined to say "no", but one also has
> > to consider whether it is a a good idea to encourage people to use an
> > unmaintained tool for protecting their privacy/anonymity. I'm not sure.
>
> It’s risky, indeed. As time passes it’s likely to have more and more
> known-but-unfixed security issues, which isn’t great. Leo, thoughts on
> this situation?
I see two different issues here:
1) The project is unmaintained (last release 2016) and the underlying
platform (Python 2) will become unmaintained in January 2020.
I think these maintenance issues are not a blocker in this case. We
package lots of software that has been basically abandoned for longer
than MAT. Its source repo saw activity in March. On this subject, we
should think about building from HEAD since those new commits will
probably never be "released".
2) The software is not guaranteed to achieve its goals.
I think the idea of "anonymizing" a file is always going to be
manifested as a goal rather than a full solution. No matter the level of
upstream maintenance, anonymity can never be guaranteed.
So, I think it's okay to add the package with a big warning in the
description, maybe even saying something scary like "only recommended
for educational and research activity".
[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 3 years and 219 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.