Subject: Re: What happened to the good ntop?
To: None <tech-pkg@NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: tech-pkg
Date: 03/25/2005 09:14:55

On Thu, 24 Mar 2005, Johnny Lam wrote:
> >What does "phones-home-by-default" mean exactly? If this is basically
> >"spy ware", then any pkg that does this should be removed from pkgsrc.

Yes, it's spyware, but it has a command line option to tell it not to
act as spyware.  It fetches a web page from its home site, ignoring
the http_proxy environment variable, and deliberately constructing a
user-agent string to identify several things about your system.  Here's
an example from the ntop/html/privacyNotice.html file that you get if
you do (cd pkgsrc/net/ntop ; make extract):

  ntop/2.2.98 host/i686-pc-linux-gnu distro/redhat release/9
  kernrlse/2.4.20-8sm GCC/3.2.2 config(i18n) run(i; u; P; w; t;
  logextra; m; instantsessionpurge; schedyield; d; usesyslog=; t)
  gdbm/1.8.0 openssl/0.9.7a zlib/1.1.4 access/http interfaces(eth0,eth1)

The home site gets that information, plus your IP address, in
their logs.

> No, the right approach is to warn explicitly that this behavior occurs. 
>  I see no reason to be prejudicial against these types of packages by 
> removing them from pkgsrc, and I haven't heard any good arguments to 
> make this case yet.

I agree.  There's no need to remove such things from pkgsrc, but I
would like them not to be built or installed without deliberate special
action.  Just printing a message at install time is not enough, because
those messages often fly past too fast to read.  A mechanism like the
existing LICENSE mechanism would be good.

ACCEPT_NASTY.ntop=spyware
ACCEPT_NASTY.firefox=spyware
ACCEPT_NASTY.opera=closed-source
ACCEPT_NASTY.suse91_*=open-source-but-third-party-binary

--apb (Alan Barrett)
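
The following is an added example, not part of the original message and not ntop or pkgsrc code: it breaks the user-agent string quoted above into the fields it discloses and flags matching requests in egress sensor logs. The token grammar is inferred from that single quoted example, and the log line layout, the request path, the IP addresses and the function names are constructed assumptions.

```python
import re

# User-agent example quoted in the message above (from privacyNotice.html).
SAMPLE_UA = """ntop/2.2.98 host/i686-pc-linux-gnu distro/redhat release/9
kernrlse/2.4.20-8sm GCC/3.2.2 config(i18n) run(i; u; P; w; t;
logextra; m; instantsessionpurge; schedyield; d; usesyslog=; t)
gdbm/1.8.0 openssl/0.9.7a zlib/1.1.4 access/http interfaces(eth0,eth1)"""

# A token is either name/value or name(item; item, ...) (inferred grammar).
TOKEN = re.compile(r"([A-Za-z0-9_]+)(?:/([^\s()]+)|\(([^)]*)\))")

def parse_ntop_ua(ua):
    """Return {field: value-or-list} for every token in an ntop-style user agent."""
    fields = {}
    # Collapse line wraps first so a parenthesised list is one run of text.
    for name, value, items in TOKEN.findall(" ".join(ua.split())):
        if value:
            fields[name] = value
        else:
            fields[name] = [i.strip() for i in re.split(r"[;,]", items) if i.strip()]
    return fields

def looks_like_ntop_checkin(ua):
    """Heuristic (assumption): product token is ntop/ and system details follow."""
    fields = parse_ntop_ua(ua)
    return ua.lstrip().startswith("ntop/") and {"host", "interfaces"} <= set(fields)

def flag_checkins(log_lines):
    """Yield (client_ip, fields) for lines whose last quoted field is such a UA."""
    for line in log_lines:
        quoted = re.findall(r'"([^"]*)"', line)
        if quoted and looks_like_ntop_checkin(quoted[-1]):
            yield line.split()[0], parse_ntop_ua(quoted[-1])

if __name__ == "__main__":
    # Constructed sensor log lines (documentation addresses), not real traffic.
    logs = [
        '192.0.2.10 "GET / HTTP/1.0" "Mozilla/5.0 (X11; Linux i686)"',
        '192.0.2.44 "GET /example-path HTTP/1.0" "%s"' % " ".join(SAMPLE_UA.split()),
    ]
    for ip, fields in flag_checkins(logs):
        print(ip, "discloses:", ", ".join(sorted(fields)))
```

Because the message says the fetch ignores http_proxy, the log lines need to come from a sensor on the direct egress path rather than from the proxy.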