zoneminder icon indicating copy to clipboard operation
zoneminder copied to clipboard
verified publisher icon ZoneMinder

ConfigData: default to not checking for updated versions of ZoneMinder

Open davvid opened this issue 1 year ago • 4 comments

Users should get updates through the package. Also prevents "phoning home" to zoneminder.com.

davvid avatar Feb 10 '24 22:02 davvid

The first patch in this series originated from Debian's patches: https://salsa.debian.org/debian/zoneminder/-/tree/master/debian/patches?ref_type=heads

davvid avatar Feb 10 '24 22:02 davvid

I believe there is an edit config data script in utils designed for distros to change config for packages. Mobile so can’t grab a link for you.

On Sun, 11 Feb 2024 at 9:45 am, David Aguilar @.***> wrote:

The first patch in this series originated from Debian's patches:

https://salsa.debian.org/debian/zoneminder/-/tree/master/debian/patches?ref_type=heads

— Reply to this email directly, view it on GitHub https://github.com/ZoneMinder/zoneminder/pull/3825#issuecomment-1937326115, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB2CWXEH5H4PMQYSMDFYVKDYS72AJAVCNFSM6AAAAABDDBBMQCVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTSMZXGMZDMMJRGU . You are receiving this because you are subscribed to this thread.Message ID: @.***>

SteveGilvarry avatar Feb 10 '24 22:02 SteveGilvarry

Thanks for the pointer @SteveGilvarry much appreciated. I mostly submitted this patch because I agree with Debian's position that the tool should be privacy-respecting by default (for all users) rather than something that's Debian-only. This isn't really a big deal for Debian since they're already patching it, but it seemed worth sharing in case y'all agree.

We can close this PR if maintainers feel otherwise, though. It's all good. Thanks again for zoneminder.

davvid avatar Feb 10 '24 23:02 davvid

The problem here is that people do not manually check for updates. We still have people using ZoneMinder from 10 years ago, that we know are completely insecure and broken.

We agree with the general stance of respecting privacy, but we also want people to get updates. So since distros manage the updates, that's cool that they disable this. For anyone else, I think we should stick with it enabled. Now, it probably SHOULD be a bigger, more in your face decision to make upon first install, like the telemetry configuration.

I would certainly merge a PR that did that in addition to this one.

connortechnology avatar Feb 21 '24 15:02 connortechnology