[alsa-devel] alsa-info security/privacy concerns
Greetings,
The auto-uploading behavior of http://www.alsa-project.org/alsa-info.sh makes it act like a spyware. This makes some users - including me in the first try - astonishing and uncomfortable.
I'd like to fix it by 1) adding user prompt 2) defaulting to --no-upload and introduce --upload
Before going for the code, I'd like to ask for your opinions, especially on (2).
Thank you.
Fengguang
On Wed, 7 Jan 2009, Wu Fengguang wrote:
Greetings,
The auto-uploading behavior of http://www.alsa-project.org/alsa-info.sh makes it act like a spyware.
The script always prompts before the upload action, so user can break it. Just read the first dialog.
Jaroslav
----- Jaroslav Kysela perex@perex.cz Linux Kernel Sound Maintainer ALSA Project, Red Hat, Inc.
Hi Jaroslav,
On Wed, Jan 07, 2009 at 10:22:13AM +0200, Jaroslav Kysela wrote:
On Wed, 7 Jan 2009, Wu Fengguang wrote:
Greetings,
The auto-uploading behavior of http://www.alsa-project.org/alsa-info.sh makes it act like a spyware.
The script always prompts before the upload action, so user can break it. Just read the first dialog.
What I'd like to add is a dedicated dialog for the warning message and let users interactively choose between yes/no for uploading.
Doesn't it sound reasonable?
Thanks, Fengguang
At Wed, 7 Jan 2009 16:33:06 +0800, Wu Fengguang wrote:
Hi Jaroslav,
On Wed, Jan 07, 2009 at 10:22:13AM +0200, Jaroslav Kysela wrote:
On Wed, 7 Jan 2009, Wu Fengguang wrote:
Greetings,
The auto-uploading behavior of http://www.alsa-project.org/alsa-info.sh makes it act like a spyware.
The script always prompts before the upload action, so user can break it. Just read the first dialog.
What I'd like to add is a dedicated dialog for the warning message and let users interactively choose between yes/no for uploading.
Doesn't it sound reasonable?
[Added Travis to Cc]
I like the idea. We can give the following options:
- the greeting dialog informs that the script collects info, waits for Y/N or OK button. - when --upload option is given, the data will be automatically uploaded. - when --no-upload option is given, the data is just stored locally and quit. - when neither options are given, show a dialog to ask to upload or not.
Takashi
On Wed, Jan 07, 2009 at 11:04:31AM +0200, Takashi Iwai wrote:
At Wed, 7 Jan 2009 16:33:06 +0800, Wu Fengguang wrote:
Hi Jaroslav,
On Wed, Jan 07, 2009 at 10:22:13AM +0200, Jaroslav Kysela wrote:
On Wed, 7 Jan 2009, Wu Fengguang wrote:
Greetings,
The auto-uploading behavior of http://www.alsa-project.org/alsa-info.sh makes it act like a spyware.
The script always prompts before the upload action, so user can break it. Just read the first dialog.
What I'd like to add is a dedicated dialog for the warning message and let users interactively choose between yes/no for uploading.
Doesn't it sound reasonable?
[Added Travis to Cc]
I like the idea. We can give the following options:
- the greeting dialog informs that the script collects info, waits for Y/N or OK button.
- when --upload option is given, the data will be automatically uploaded.
- when --no-upload option is given, the data is just stored locally and quit.
- when neither options are given, show a dialog to ask to upload or not.
Good ideas, I'd embrace them!
Thanks, Fengguang
participants (3)
-
Jaroslav Kysela -
Takashi Iwai -
Wu Fengguang