|
Any | Implementation Request | Very Low | Low | [chdkptp] please add package to repos | Closed | |
Task Description
CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.
Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.
Code is available via svn:
$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp
Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.
|
|
Any | Privacy Issue | High | High | [redshift] remove geoclue2 support | Closed | |
Task Description
Bug Report
Tratando proveedor ubicación `geoclue2'...
Usando el proveedor `geoclue2'.
Unable to connect to GeoClue.
Incapaz de obtener localización desde el proveedor.
Package information:
$ pacman -S redshift Repositorio : community Nombre : redshift Versión : 1.11-4.hyperbola1 Descripción : Adjusts the color temperature of your screen according to your surroundings, without geoclue2 support Arquitectura : x86_64 URL : http://jonls.dk/redshift/ Licencias : GPL3 Grupos : Nada Provee : Nada Depende de : libdrm libxcb libxxf86vm Dependencias opcionales : python-gobject: for redshift-gtk python-xdg: for redshift-gtk librsvg: for redshift-gtk En conflicto con : Nada Remplaza a : Nada Tamaño de la descarga : 107,66 KiB Tamaño de la instalación : 1004,00 KiB Encargado : André Silva emulatorman@hyperbola.info Fecha de creación : sáb 17 jun 2017 14:03:43 -05 Validado por : Suma MD5 Suma SHA-256 Firma
|
|
Any | Privacy Issue | High | High | [epiphany] would be more private if not for Hyperbola p ... | Closed | |
Task Description
(in Spanish) Copio lo que puse en irc:
<isacdaavid>: este parche de epiphany está removiendo cosas de más. Si te fijas aca verás que lo que ese código hace es proteger la privacidad contra google y facebook.
<isacdaavid>: https://git.parabola.nu/abslibre.git/tree/libre/epiphany/privacy.patch#n162 sólo está probando si el spyware está siendo removido efectivamente. Tampoco veo necesidad de mantener lo de la línea #122 (lo único que hace es cambiar el título de la ventana), ni lo de la línea #139 (sólo está probando que el parser de URLs funciona, no hace conexiones), y mucho menos quitar referencias a “google.com” en los comentarios.
<isacdaavid>: subiré mis cambios a parabola, por si te interesa usarlos.
|
|
Any | Privacy Issue | Very High | Critical | [libreoffice*] contains Google API keys | Closed | |
Task Description
Libreoffice contains Google API keys which affects privacy.
|
|
Any | Privacy Issue | Very High | Critical | [openrc] Google in init.d and conf.d configuration (ne ... | Closed | |
Task Description
/etc/init.d/net-online
-----
Line #62
ping_test_host="${ping_test_host:-google.com}"
_____
/etc/conf.d/net-online
-----
# The default is google.com.
|
|
Any | Privacy Issue | Very Low | Medium | [avahi] avahi publishes the hostname by default | Closed | |
Task Description
By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.
|
|
Any | Privacy Issue | High | Critical | [deepin-desktop-base] Check for CNZZ Spyware | Closed | |
Task Description
As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore. https://www.youtube.com/watch?v=v25Dy66AtNI
We also shouldn’t use the AppStore if it exists, due to non-free apps.
Known files: > usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service > etc/appstore.json
|
|
Any | Privacy Issue | Medium | Medium | [meta] Investigate DuckDuckGo links for privacy | Closed | |
Task Description
As per a user report (https://forums.hyperbola.info/viewtopic.php?id=92), DDG is USA based search engine and is blocking Tor users (https://trac.torproject.org/projects/tor/ticket/23648). They are also using non-free JS on the default search.
It seems the best way to solve this is to use their “html” hidden service since it conceals the user IP, doesn’t block Tor users by default, and doesn’t need JS. https://3g2upl4pq6kufc4m.onion/html/
This will affect multiple applications that are currently using DuckDuckGo. The alternative is to remove it completely, but it still is a better option than Google et. all for privacy...
|
|
Any | Privacy Issue | Very High | Critical | [purple-facebook] only useful with Facebook service | Closed | |
Task Description
Description:
community/purple-facebook 0.9.3-1
Facebook protocol plugin for libpurple
It is up to maintainers to decide of course. IMHO I would remove this one as it uses proprietary network Facebook, exclusively, and even mentioning the word in the package.
See: https://www.gnu.org/distros/free-system-distribution-guidelines.html
A free system distribution must not steer users towards obtaining any nonfree information for practical use, or encourage them to do so.
|
|
Any | Privacy Issue | Very High | Critical | [cutegram] only useful with Telegram service | Closed | |
Task Description
Description: Cutegram is a Telegram client. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.
Additional info:
$ pacman -Si cutegram
Repository : community
Name : cutegram
Version : 2.7.1-3
Description : A different telegram client from Aseman team
Architecture : x86_64
URL : http://aseman.co/en/products/cutegram/
Licenses : GPL
Groups : None
Provides : cutegram
Depends On : qt5-imageformats qt5-webkit telegramqml>=0.9.1 libqtelegram-ae>=3:6.1
Optional Deps : gst-plugins-bad: audio support
gst-plugins-good: audio and notification sound
Conflicts With : cutegram-git sigram-git sigram cutegram
Replaces : cutegram-cn
Download Size : 12.03 MiB
Installed Size : 17.07 MiB
Packager : Jiachen Yang <farseerfc@gmail.com>
Build Date : Mon 25 Jan 2016 05:59:04 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Privacy Issue | Very High | Critical | [libqtelegram-ae] only useful with Telegram service | Closed | |
Task Description
Description: libqtelegram-ae is Telegram library written in Qt based on telegram-cli code. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.
Additional info:
$ pacman -Si libqtelegram-ae
Repository : community
Name : libqtelegram-ae
Version : 3:6.1-4
Description : Telegram library written in Qt based on telegram-cli code
Architecture : x86_64
URL : https://launchpad.net/libqtelegram
Licenses : GPL3
Groups : None
Provides : None
Depends On : qt5-base qt5-multimedia
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 431.27 KiB
Installed Size : 1999.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Wed 05 Apr 2017 07:16:39 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Privacy Issue | Very High | Critical | [telegram-qt] only useful with Telegram service | Closed | |
Task Description
Description: TelegramQt is a Telegram binding for Qt. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.
Additional info:
$ pacman -Si telegram-qt
Repository : community
Name : telegram-qt
Version : 0.1.0-2
Description : Qt bindings for the Telegram protocol
Architecture : x86_64
URL : https://github.com/Kaffeine/telegram-qt
Licenses : GPL
Groups : None
Provides : None
Depends On : qt5-base
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 204.80 KiB
Installed Size : 747.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Sat 18 Feb 2017 06:49:55 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Privacy Issue | Very High | Critical | [telegramqml] only useful with Telegram service | Closed | |
Task Description
Description: TelegramQML are Telegram API tools for QtQml and Qml. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.
Additional info:
$ pacman -Si telegramqml
Repository : community
Name : telegramqml
Version : 0.9.2-2
Description : Telegram API tools for QtQml and Qml
Architecture : x86_64
URL : https://github.com/Aseman-Land/TelegramQML
Licenses : GPL
Groups : None
Provides : None
Depends On : qt5-webkit qt5-imageformats qt5-graphicaleffects qt5-quickcontrols libqtelegram-ae
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 401.03 KiB
Installed Size : 1905.00 KiB
Packager : Jiachen Yang <farseerfc@gmail.com>
Build Date : Mon 25 Jan 2016 05:46:59 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Privacy Issue | Very High | Critical | [telepathy-morse] only useful with Telegram service | Closed | |
Task Description
Description: Telepathy-Morse is a Qt-based Telegram connection manager for the Telepathy framework. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.
Additional info:
$ pacman -Si telepathy-morse
Repository : community
Name : telepathy-morse
Version : 0.1.0-1
Description : Telepathy Connection Manager for the Telegram network
Architecture : x86_64
URL : https://github.com/TelepathyQt/telepathy-morse
Licenses : GPL
Groups : None
Provides : None
Depends On : telepathy-qt5 telegram-qt
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 90.80 KiB
Installed Size : 351.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Fri 16 Sep 2016 11:49:33 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Privacy Issue | Very High | Critical | [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ... | Closed | |
Task Description
Description: telepathy-kde-accounts-kcm contains the telepathy-morse package in its optdepends array. It should be removed since Telepathy-Morse provides support for Telegram, a nonfree server-side service that requires accounts tied to telephone numbers.
Additional info:
$ pacman -Si telepathy-kde-accounts-kcm
Repository : extra
Name : telepathy-kde-accounts-kcm
Version : 17.04.0-1
Description : KCM Module for configuring Telepathy Instant Messaging Accounts
Architecture : x86_64
URL : https://community.kde.org/Real-Time_Communication_and_Collaboration
Licenses : GPL
Groups : kde-applications kdenetwork telepathy-kde
Provides : None
Depends On : telepathy-qt kaccounts-providers
Optional Deps : telepathy-gabble: XMPP/Jabber accounts support
telepathy-haze: account types supported by Pidgin/libpurple
telepathy-morse: Telegram accounts support
telepathy-salut: link-local XMPP account support
Conflicts With : None
Replaces : None
Download Size : 334.86 KiB
Installed Size : 2111.00 KiB
Packager : Antonio Rojas <arojas@archlinux.org>
Build Date : Sat 15 Apr 2017 06:47:59 PM -03
Validated By : MD5 Sum SHA-256 Sum Signature
|
|
Any | Privacy Issue | Very Low | Low | [purple-plugin-pack] Provides Napster support which is ... | Closed | |
Task Description
purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).
|
|
Any | Privacy Issue | Very Low | Medium | [certbot-dns-luadns] LuaDNS service depends in non-free ... | Closed | |
Task Description
According to their documentation:
In order to use LuaDNS service you’ll need a LuaDNS account and a Git repository.
Sign up for a free LuaDNS account here: https://api.luadns.com/signup
Currently we are supporting the following Git hosting services: > GitHub > Bitbucket
GitHub, as everybody knows, was acquired by Microsoft last year (2018) https://news.microsoft.com/2018/06/04/microsoft-to-acquire-github-for-7-5-billion/
And Bitbucket, like GitHub, is a centralized non-free git service.
There are other packages made for GitHub which haven’t been removed, but as you were deleting the certbot-dns-* packages that depended on a US-based DNS provider company, I thought you may wanted to know this.
|
|
Any | Privacy Issue | Very Low | Low | [github] check github-related packages | Closed | |
Task Description
We should check if the following packages run any non-free JS (like youtube-dl) or access a proprietary API:
- hub - python-pygithub - python2-pygithub
I haven’t check them, but they look fishy. Take it as a reminder, this is far from being urgent IMO.
|
|
Any | Privacy Issue | Very Low | Critical | [bleachbit] needs to be adapted to UXP applications | Closed | |
Task Description
The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.
|
|
Any | Privacy Issue | Medium | High | midori new Support for cross-browser web extensions | Closed | |
Task Description
Description: idk what to do with it i add the PKGBUILD but this new extension needs to be checked left or patched, https://git.hyperbola.info:50100/~team/packages/extra.git/plain/midori/PKGBUILD?h=rachad
Additional info: * package version(9.0)
important links to check: * https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions * https://github.com/midori-browser/core/issues/244
|
|
Any | Pull Request | Very Low | High | [firejail] update of 0.9.52 to 0.9.54 + support for UXP ... | Closed | |
Task Description
Description:
Hi guys, there have been minor changes in firejail, we have also published iceweasel-uxp. Given this case, here I publish the relevant updates of the files.
|
|
Any | Pull Request | High | High | [firetools] update of 0.9.50 to 0.9.52 + support for UX ... | Closed | |
Task Description
Description:
Hi guys, there have been minor changes in firetools GUI, we have also published iceweasel-uxp. Given this case, here I publish the relevant updates of the files.
|
|
Any | Replace Request | Low | Low | [appmenu-qt4] replace with appmenu-qt (qt5) | Closed | |
Task Description
“appmenu-qt4”[0][2] is a deprecated package (release in 2012)[1] and use qt4 unsupported/non-lts software[3], but “appmenu-qt5” not contains any release source code[2]
$ pacman -Si appmenu-qt4 Repository : community Name : appmenu-qt4 Version : 0.2.6-1 Description : Export Qt4 applications menus over D-Bus Architecture : x86_64 URL : https://launchpad.net/appmenu-qt Licenses : GPL Groups : None Provides : None Depends On : libdbusmenu-qt4 Optional Deps : None Conflicts With : appmenu-qt Replaces : appmenu-qt Download Size : 16.55 KiB Installed Size : 48.00 KiB Packager : Antonio Rojas arojas@archlinux.org Build Date : Tue 28 Feb 2017 05:59:31 AM -03 Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://launchpad.net/appmenu-qt (qt4) [1]:https://launchpad.net/appmenu-qt/+download [2]:https://launchpad.net/appmenu-qt5 [3]:https://en.wikipedia.org/wiki/Qt_5.6_LTS
|
|
Any | Replace Request | Low | Low | [botan*] remove unstable "botan" and rename ''botan1.10 ... | Closed | |
Task Description
Remove unstable “botan” and rename “botan1.10” to “botan-old-stable”[0]
$ pacman -Si botan
Repository : community
Name : botan
Version : 2.1.0-1
Description : Crypto library written in C++
Architecture : x86_64
URL : https://botan.randombit.net/
Licenses : BSD
Groups : None
Provides : None
Depends On : gcc-libs sh
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1816.44 KiB
Installed Size : 7040.00 KiB
Packager : Alexander Rødseth <rodseth@gmail.com>
Build Date : Fri 21 Apr 2017 09:19:27 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
$ pacman -Si botan1.10
Repository : community
Name : botan1.10
Version : 1.10.13-1
Description : Crypto library written in C++ - old stable branch
Architecture : x86_64
URL : http://botan.randombit.net/
Licenses : BSD
Groups : None
Provides : None
Depends On : gcc-libs sh
Optional Deps : None
Conflicts With : None
Replaces : None
Download Size : 1014.98 KiB
Installed Size : 3734.00 KiB
Packager : Felix Yan <felixonmars@archlinux.org>
Build Date : Fri 06 Jan 2017 06:48:59 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature
[0]:https://botan.randombit.net/
|
|
Any | Replace Request | Very High | Critical | [dnscrypt-proxy] update package to 2.x following backpo ... | Closed | |
Task Description
Since DNSCrypt-Proxy project has been abandoned [0] , DNSCrypt-Proxy 2 [1] should be used as its source replacement, however DNSCrypt-Proxy 2 contains support for unsafe and dangerous for privacy protocols such as Google. [2] [3] [4] Also, it contains Google recommendation and support through its parental control servers and public resolvers lists [5] [6]
Therefore DNSCrypt-Proxy 2 requires be re-forked by us first to follow our social contract.
|
|
Any | Replace Request | Very High | Critical | [kernel-firmware] split out firmware projects from linu ... | Closed | |
|
|
Any | Replace Request | Very Low | Medium | [youtube-dl] replace avideo-lts with youtube-dl | Closed | |
|
|
Any | Replace Request | Defer | Critical | [bzr] replace deprecated GNU Bazaar to Brezy | Closed | |
|
|
Any | Replace Request | High | Critical | [python2] replace deprecated Python 2 to Tauthon | Closed | |
|
|
Any | Replace Request | Medium | Medium | [hypervideo] stop the development of Hypervideo | Closed | |
|
|
Any | Replace Request | Medium | High | [firejail] use firejail LTS | Closed | |
|
|
Any | Security Issue | Very High | Critical | [gnome-mplayer] [gecko-mediaplayer] [gmtk] remove unsec ... | Closed | |
|
|
Any | Security Issue | Very High | Critical | [freewrl] remove unsecure "libFreeWRLplugin.so" | Closed | |
|
|
Any | Security Issue | Very High | Critical | [xulrunner] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | High | High | [npapi-sdk] remove unsecure/deprecated package | Closed | |
|
|
Any | Security Issue | High | High | [npapi-vlc] remove unsecured package | Closed | |
|
|
Any | Security Issue | High | High | [nspluginwrapper] remove unsecure/deprecated package | Closed | |
|
|
Any | Security Issue | High | High | [x2goplugin] remove unsecure package | Closed | |
|
|
Any | Security Issue | High | High | [djview] remove unsecure "nsdejavu.so" | Closed | |
|
|
Any | Security Issue | High | High | [icedtea-web] remove unsecure "IcedTeaPlugin.so" | Closed | |
|
|
Any | Security Issue | Medium | Medium | [cinepaint] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [midori] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [w3m] unmaintained and unsupportable | Closed | |
|
|
Any | Security Issue | Very High | Critical | [pam] pam_unix2 is orphaned and dead upstream | Closed | |
|
|
Any | Security Issue | Very High | Critical | [wpa_supplicant] vulnerable to KRAK attack | Closed | |
|
|
Any | Security Issue | High | High | [podofo] vulnerable allows remote attackers to cause a ... | Closed | |
|
|
Any | Security Issue | High | High | [isync] needs update | Closed | |
|
|
Any | Security Issue | Medium | High | [blender] error invalid PGP keys | Closed | |
|
|
Any | Security Issue | Very High | Critical | [dillo] enable IPv6, SSL/TLS and threaded DNS support | Closed | |
|
|
Any | Security Issue | High | High | [busybox] CVE-2017-16544: autocompletion vulnerability | Closed | |
|