Packages

Category  desc Task Type Priority Severity Summary Status Progress
AnyImplementation RequestVery LowLow [chdkptp] please add package to repos Closed
100%
Task Description

CHDKPTP is part of CHDK project - a free software firmware add-on for Canon cameras. It enables controlling Canon cameras via the computer.

Attached is a modified iup PKGBUILD (Lua 5.3 build was removed as it failed to compile) and configuration files for chdkptp.

Code is available via svn:

$ svn co http://subversion.assembla.com/svn/chdkptp/trunk chdkptp

Copy chdkptp.sh and config.mk files to source tree then compile via make. Requires root privileges to connect to a camera.

AnyPrivacy IssueHighHigh [redshift] remove geoclue2 support Closed
100%
Task Description

Bug Report

Tratando proveedor ubicación `geoclue2'...
Usando el proveedor `geoclue2'.
Unable to connect to GeoClue.
Incapaz de obtener localización desde el proveedor.

Package information:

$ pacman -S redshift
Repositorio : community
Nombre : redshift
Versión : 1.11-4.hyperbola1
Descripción : Adjusts the color temperature of your screen according to your surroundings, without geoclue2 support
Arquitectura : x86_64
URL : http://jonls.dk/redshift/ Licencias : GPL3
Grupos : Nada
Provee : Nada
Depende de : libdrm libxcb libxxf86vm
Dependencias opcionales : python-gobject: for redshift-gtk python-xdg: for redshift-gtk librsvg: for redshift-gtk
En conflicto con : Nada
Remplaza a : Nada
Tamaño de la descarga : 107,66 KiB
Tamaño de la instalación : 1004,00 KiB
Encargado : André Silva emulatorman@hyperbola.info Fecha de creación : sáb 17 jun 2017 14:03:43 -05
Validado por : Suma MD5 Suma SHA-256 Firma

AnyPrivacy IssueHighHigh [epiphany] would be more private if not for Hyperbola p ...Closed
100%
Task Description

(in Spanish)
Copio lo que puse en irc:

<isacdaavid>: este parche de epiphany está removiendo cosas de más. Si te fijas aca verás que lo que ese código hace es proteger la privacidad contra google y facebook.

<isacdaavid>: https://git.parabola.nu/abslibre.git/tree/libre/epiphany/privacy.patch#n162 sólo está probando si el spyware está siendo removido efectivamente. Tampoco veo necesidad de mantener lo de la línea #122 (lo único que hace es cambiar el título de la ventana), ni lo de la línea #139 (sólo está probando que el parser de URLs funciona, no hace conexiones), y mucho menos quitar referencias a “google.com” en los comentarios.

<isacdaavid>: subiré mis cambios a parabola, por si te interesa usarlos.

AnyPrivacy IssueVery HighCritical [libreoffice*] contains Google API keys Closed
100%
Task Description

Libreoffice contains Google API keys which affects privacy.

AnyPrivacy IssueVery HighCritical [openrc] Google in init.d and conf.d configuration (ne ...Closed
100%
Task Description
/etc/init.d/net-online
-----
Line #62
ping_test_host="${ping_test_host:-google.com}"
_____
/etc/conf.d/net-online
-----
# The default is google.com.
AnyPrivacy IssueVery LowMedium [avahi] avahi publishes the hostname by default Closed
100%
Task Description

By default, the ‘disable-publishing’ parameter in the [publish] section of avahi-daemon.conf is set to ‘no’, which can be seen in my opinion as a privacy issue as avahi broadcasts the hostname without the user’s consent even though this has been explicitly disabled in the settings of networkmanager.

AnyPrivacy IssueHighCritical [deepin-desktop-base] Check for CNZZ Spyware Closed
100%
Task Description

As per a recent discovery, we should check if our deepin is affected by the CNZZ spyware in the AppStore.
https://www.youtube.com/watch?v=v25Dy66AtNI

We also shouldn’t use the AppStore if it exists, due to non-free apps.

Known files:
> usr/share/dbus-1/system-services/com.deepin.daemon.Apps.service
> etc/appstore.json

AnyPrivacy IssueMediumMedium [meta] Investigate DuckDuckGo links for privacy Closed
100%
Task Description

As per a user report (https://forums.hyperbola.info/viewtopic.php?id=92), DDG is USA based search engine and is blocking Tor users (https://trac.torproject.org/projects/tor/ticket/23648).
They are also using non-free JS on the default search.

It seems the best way to solve this is to use their “html” hidden service since it conceals the user IP, doesn’t block Tor users by default, and doesn’t need JS. https://3g2upl4pq6kufc4m.onion/html/

This will affect multiple applications that are currently using DuckDuckGo. The alternative is to remove it completely, but it still is a better option than Google et. all for privacy...

AnyPrivacy IssueVery HighCritical [purple-facebook] only useful with Facebook service Closed
100%
Task Description

Description:

community/purple-facebook 0.9.3-1
    Facebook protocol plugin for libpurple

It is up to maintainers to decide of course. IMHO I would remove this one as it uses proprietary network Facebook, exclusively, and even mentioning the word in the package.

See:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

A free system distribution must not steer users towards obtaining any nonfree information for practical use, or encourage them to do so.

AnyPrivacy IssueVery HighCritical [cutegram] only useful with Telegram service Closed
100%
Task Description

Description:
Cutegram is a Telegram client. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si cutegram
Repository      : community
Name            : cutegram
Version         : 2.7.1-3
Description     : A different telegram client from Aseman team
Architecture    : x86_64
URL             : http://aseman.co/en/products/cutegram/
Licenses        : GPL
Groups          : None
Provides        : cutegram
Depends On      : qt5-imageformats  qt5-webkit  telegramqml>=0.9.1  libqtelegram-ae>=3:6.1
Optional Deps   : gst-plugins-bad: audio support
                  gst-plugins-good: audio and notification sound
Conflicts With  : cutegram-git  sigram-git  sigram  cutegram
Replaces        : cutegram-cn
Download Size   : 12.03 MiB
Installed Size  : 17.07 MiB
Packager        : Jiachen Yang <farseerfc@gmail.com>
Build Date      : Mon 25 Jan 2016 05:59:04 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
AnyPrivacy IssueVery HighCritical [libqtelegram-ae] only useful with Telegram service Closed
100%
Task Description

Description:
libqtelegram-ae is Telegram library written in Qt based on telegram-cli code. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si libqtelegram-ae
Repository      : community
Name            : libqtelegram-ae
Version         : 3:6.1-4
Description     : Telegram library written in Qt based on telegram-cli code
Architecture    : x86_64
URL             : https://launchpad.net/libqtelegram
Licenses        : GPL3
Groups          : None
Provides        : None
Depends On      : qt5-base  qt5-multimedia
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 431.27 KiB
Installed Size  : 1999.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Wed 05 Apr 2017 07:16:39 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
AnyPrivacy IssueVery HighCritical [telegram-qt] only useful with Telegram service Closed
100%
Task Description

Description:
TelegramQt is a Telegram binding for Qt. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telegram-qt
Repository      : community
Name            : telegram-qt
Version         : 0.1.0-2
Description     : Qt bindings for the Telegram protocol
Architecture    : x86_64
URL             : https://github.com/Kaffeine/telegram-qt
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : qt5-base
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 204.80 KiB
Installed Size  : 747.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Sat 18 Feb 2017 06:49:55 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
AnyPrivacy IssueVery HighCritical [telegramqml] only useful with Telegram service Closed
100%
Task Description

Description:
TelegramQML are Telegram API tools for QtQml and Qml. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telegramqml
Repository      : community
Name            : telegramqml
Version         : 0.9.2-2
Description     : Telegram API tools for QtQml and Qml
Architecture    : x86_64
URL             : https://github.com/Aseman-Land/TelegramQML
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : qt5-webkit  qt5-imageformats  qt5-graphicaleffects  qt5-quickcontrols  libqtelegram-ae
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 401.03 KiB
Installed Size  : 1905.00 KiB
Packager        : Jiachen Yang <farseerfc@gmail.com>
Build Date      : Mon 25 Jan 2016 05:46:59 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
AnyPrivacy IssueVery HighCritical [telepathy-morse] only useful with Telegram service Closed
100%
Task Description

Description:
Telepathy-Morse is a Qt-based Telegram connection manager for the Telepathy framework. It is free software, however uses Telegram, a nonfree server-side service that requires accounts tied to telephone numbers. It needs go to the blacklist since Hyperbola’s objective is to support privacy of its community.

Additional info:

$ pacman -Si telepathy-morse
Repository      : community
Name            : telepathy-morse
Version         : 0.1.0-1
Description     : Telepathy Connection Manager for the Telegram network
Architecture    : x86_64
URL             : https://github.com/TelepathyQt/telepathy-morse
Licenses        : GPL
Groups          : None
Provides        : None
Depends On      : telepathy-qt5  telegram-qt
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 90.80 KiB
Installed Size  : 351.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Fri 16 Sep 2016 11:49:33 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
AnyPrivacy IssueVery HighCritical [telepathy-kde-accounts-kcm] recommends Telepathy-Morse ...Closed
100%
Task Description

Description:
telepathy-kde-accounts-kcm contains the telepathy-morse package in its optdepends array. It should be removed since Telepathy-Morse provides support for Telegram, a nonfree server-side service that requires accounts tied to telephone numbers.

Additional info:

$ pacman -Si telepathy-kde-accounts-kcm
Repository      : extra
Name            : telepathy-kde-accounts-kcm
Version         : 17.04.0-1
Description     : KCM Module for configuring Telepathy Instant Messaging Accounts
Architecture    : x86_64
URL             : https://community.kde.org/Real-Time_Communication_and_Collaboration
Licenses        : GPL
Groups          : kde-applications  kdenetwork  telepathy-kde
Provides        : None
Depends On      : telepathy-qt  kaccounts-providers
Optional Deps   : telepathy-gabble: XMPP/Jabber accounts support
                  telepathy-haze: account types supported by Pidgin/libpurple
                  telepathy-morse: Telegram accounts support
                  telepathy-salut: link-local XMPP account support
Conflicts With  : None
Replaces        : None
Download Size   : 334.86 KiB
Installed Size  : 2111.00 KiB
Packager        : Antonio Rojas <arojas@archlinux.org>
Build Date      : Sat 15 Apr 2017 06:47:59 PM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
AnyPrivacy IssueVery LowLow [purple-plugin-pack] Provides Napster support which is  ...Closed
100%
Task Description

purple-plugin-pack provides access to Napster which is only useful with a single company and sever (as far as I could tell).

AnyPrivacy IssueVery LowMedium [certbot-dns-luadns] LuaDNS service depends in non-free ...Closed
100%
Task Description

According to their documentation:

In order to use LuaDNS service you’ll need a LuaDNS account and a Git repository.
Sign up for a free LuaDNS account here: https://api.luadns.com/signup
Currently we are supporting the following Git hosting services:
> GitHub
> Bitbucket

GitHub, as everybody knows, was acquired by Microsoft last year (2018)
https://news.microsoft.com/2018/06/04/microsoft-to-acquire-github-for-7-5-billion/

And Bitbucket, like GitHub, is a centralized non-free git service.

There are other packages made for GitHub which haven’t been removed, but as you were deleting the certbot-dns-* packages that depended on a US-based DNS provider company, I thought you may wanted to know this.

AnyPrivacy IssueVery LowLow [github] check github-related packages Closed
100%
Task Description

We should check if the following packages run any non-free JS (like youtube-dl) or access a proprietary API:

- hub
- python-pygithub
- python2-pygithub

I haven’t check them, but they look fishy. Take it as a reminder, this is far from being urgent IMO.

AnyPrivacy IssueVery LowCritical [bleachbit] needs to be adapted to UXP applications Closed
100%
Task Description

The current version of BleachBit needs to be adapted so it can clean the new .cache/hyperbola/ directory.

AnyPrivacy IssueMediumHigh midori new Support for cross-browser web extensions Closed
100%
Task Description

Description:
idk what to do with it i add the PKGBUILD but this new extension needs to be checked left or patched,
https://git.hyperbola.info:50100/~team/packages/extra.git/plain/midori/PKGBUILD?h=rachad

Additional info:
* package version(9.0)

important links to check:
* https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions * https://github.com/midori-browser/core/issues/244

AnyPull RequestVery LowHigh [firejail] update of 0.9.52 to 0.9.54 + support for UXP ...Closed
100%
Task Description

Description:

Hi guys, there have been minor changes in firejail, we have also published iceweasel-uxp. Given this case, here I publish the relevant updates of the files.

AnyPull RequestHighHigh [firetools] update of 0.9.50 to 0.9.52 + support for UX ...Closed
100%
Task Description

Description:

Hi guys, there have been minor changes in firetools GUI, we have also published iceweasel-uxp. Given this case, here I publish the relevant updates of the files.

AnyReplace RequestLowLow [appmenu-qt4] replace with appmenu-qt (qt5) Closed
100%
Task Description

“appmenu-qt4”[0][2] is a deprecated package (release in 2012)[1] and use qt4 unsupported/non-lts software[3], but “appmenu-qt5” not contains any release source code[2]

$ pacman -Si appmenu-qt4
Repository : community
Name : appmenu-qt4
Version : 0.2.6-1
Description : Export Qt4 applications menus over D-Bus
Architecture : x86_64
URL : https://launchpad.net/appmenu-qt Licenses : GPL Groups : None
Provides : None
Depends On : libdbusmenu-qt4
Optional Deps : None
Conflicts With : appmenu-qt
Replaces : appmenu-qt
Download Size : 16.55 KiB
Installed Size : 48.00 KiB
Packager : Antonio Rojas arojas@archlinux.org Build Date : Tue 28 Feb 2017 05:59:31 AM -03
Validated By : MD5 Sum SHA-256 Sum Signature

[0]:https://launchpad.net/appmenu-qt (qt4)
[1]:https://launchpad.net/appmenu-qt/+download [2]:https://launchpad.net/appmenu-qt5 [3]:https://en.wikipedia.org/wiki/Qt_5.6_LTS

AnyReplace RequestLowLow [botan*] remove unstable "botan" and rename ''botan1.10 ...Closed
100%
Task Description

Remove unstable “botan” and rename “botan1.10” to “botan-old-stable”[0]

$ pacman -Si botan
Repository      : community
Name            : botan
Version         : 2.1.0-1
Description     : Crypto library written in C++
Architecture    : x86_64
URL             : https://botan.randombit.net/
Licenses        : BSD
Groups          : None
Provides        : None
Depends On      : gcc-libs  sh
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 1816.44 KiB
Installed Size  : 7040.00 KiB
Packager        : Alexander Rødseth <rodseth@gmail.com>
Build Date      : Fri 21 Apr 2017 09:19:27 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature
$ pacman -Si botan1.10
Repository      : community
Name            : botan1.10
Version         : 1.10.13-1
Description     : Crypto library written in C++ - old stable branch
Architecture    : x86_64
URL             : http://botan.randombit.net/
Licenses        : BSD
Groups          : None
Provides        : None
Depends On      : gcc-libs  sh
Optional Deps   : None
Conflicts With  : None
Replaces        : None
Download Size   : 1014.98 KiB
Installed Size  : 3734.00 KiB
Packager        : Felix Yan <felixonmars@archlinux.org>
Build Date      : Fri 06 Jan 2017 06:48:59 AM -03
Validated By    : MD5 Sum  SHA-256 Sum  Signature

[0]:https://botan.randombit.net/

AnyReplace RequestVery HighCritical [dnscrypt-proxy] update package to 2.x following backpo ...Closed
100%
Task Description

Since DNSCrypt-Proxy project has been abandoned [0] , DNSCrypt-Proxy 2 [1] should be used as its source replacement, however DNSCrypt-Proxy 2 contains support for unsafe and dangerous for privacy protocols such as Google. [2] [3] [4] Also, it contains Google recommendation and support through its parental control servers and public resolvers lists [5] [6]

Therefore DNSCrypt-Proxy 2 requires be re-forked by us first to follow our social contract.

AnyReplace RequestVery HighCritical [kernel-firmware] split out firmware projects from linu ...Closed
100%
AnyReplace RequestVery LowMedium [youtube-dl] replace avideo-lts with youtube-dl Closed
100%
AnyReplace RequestDeferCritical [bzr] replace deprecated GNU Bazaar to Brezy Closed
100%
AnyReplace RequestHighCritical [python2] replace deprecated Python 2 to Tauthon Closed
100%
AnyReplace RequestMediumMedium [hypervideo] stop the development of Hypervideo Closed
100%
AnyReplace RequestMediumHigh [firejail] use firejail LTS Closed
100%
AnySecurity IssueVery HighCritical [gnome-mplayer] [gecko-mediaplayer] [gmtk] remove unsec ...Closed
100%
AnySecurity IssueVery HighCritical [freewrl] remove unsecure "libFreeWRLplugin.so" Closed
100%
AnySecurity IssueVery HighCritical [xulrunner] unmaintained and unsupportable Closed
100%
AnySecurity IssueHighHigh [npapi-sdk] remove unsecure/deprecated package Closed
100%
AnySecurity IssueHighHigh [npapi-vlc] remove unsecured package Closed
100%
AnySecurity IssueHighHigh [nspluginwrapper] remove unsecure/deprecated package Closed
100%
AnySecurity IssueHighHigh [x2goplugin] remove unsecure package Closed
100%
AnySecurity IssueHighHigh [djview] remove unsecure "nsdejavu.so" Closed
100%
AnySecurity IssueHighHigh [icedtea-web] remove unsecure "IcedTeaPlugin.so" Closed
100%
AnySecurity IssueMediumMedium [cinepaint] unmaintained and unsupportable Closed
100%
AnySecurity IssueVery HighCritical [midori] unmaintained and unsupportable Closed
100%
AnySecurity IssueVery HighCritical [w3m] unmaintained and unsupportable Closed
100%
AnySecurity IssueVery HighCritical [pam] pam_unix2 is orphaned and dead upstream Closed
100%
AnySecurity IssueVery HighCritical [wpa_supplicant] vulnerable to KRAK attack Closed
100%
AnySecurity IssueHighHigh [podofo] vulnerable allows remote attackers to cause a  ...Closed
100%
AnySecurity IssueHighHigh [isync] needs update Closed
100%
AnySecurity IssueMediumHigh [blender] error invalid PGP keys Closed
100%
AnySecurity IssueVery HighCritical [dillo] enable IPv6, SSL/TLS and threaded DNS support Closed
100%
AnySecurity IssueHighHigh [busybox] CVE-2017-16544: autocompletion vulnerability Closed
100%
Showing tasks 1401 - 1450 of 1517 Page 29 of 31

Available keyboard shortcuts

Tasklist

Task Details

Task Editing