GNU bug report logs - #31307
[PATCH] Add MAT, the Metadata Anonymisation Toolkit from Boum


Package: guix-patches

Reported by: Chris Marusich <cmmarusich <at> gmail.com>

Date: Sat, 28 Apr 2018 21:39:03 UTC

Severity: normal

Tags: patch



Message #38 received at 31307 <at> debbugs.gnu.org:

From: Nils Gillmann <ng0 <at> n0.is>
To: Leo Famulari <leo <at> famulari.name>
Cc: Ludovic Courtès <ludo <at> gnu.org>,
 Chris Marusich <cmmarusich <at> gmail.com>, 31307 <at> debbugs.gnu.org
Subject: Re: [bug#31307] [PATCH] Add MAT, the Metadata Anonymisation Toolkit
 from Boum
Date: Sat, 16 Jun 2018 13:42:49 +0000

Leo Famulari transcribed 2.5K bytes:
> On Sat, May 05, 2018 at 10:33:45PM +0200, Ludovic Courtès wrote:
> > Chris Marusich <cmmarusich <at> gmail.com> wrote:
> > > Should we refrain from adding this package simply because the author is
> > > not maintaining it any more?  I'm inclined to say "no", but one also has
> > > to consider whether it is a good idea to encourage people to use an
> > > unmaintained tool for protecting their privacy/anonymity.  I'm not sure.
> > 
> > It’s risky, indeed.  As time passes it’s likely to have more and more
> > known-but-unfixed security issues, which isn’t great.  Leo, thoughts on
> > this situation?
> 
> I see two different issues here:
> 
> 1) The project is unmaintained (last release 2016) and the underlying
> platform (Python 2) will become unmaintained in January 2020.
> 
> I think these maintenance issues are not a blocker in this case. We
> package lots of software that has been basically abandoned for longer
> than MAT. Its source repo saw activity in March. On this subject, we
> should think about building from HEAD since those new commits will
> probably never be "released".
> 
> 2) The software is not guaranteed to achieve its goals.
> 
> I think the idea of "anonymizing" a file is always going to be
> manifested as a goal rather than a full solution. No matter the level of
> upstream maintenance, anonymity can never be guaranteed.
> 
> So, I think it's okay to add the package with a big warning in the
> description, maybe even saying something scary like "only recommended
> for educational and research activity".

I agree (and hope we won't just drop python-2 in 2020 because that would
be unreasonable).




This bug report was last modified 3 years and 218 days ago.
