We discuss things on desktop-devel-list, for general awareness.
We chat in irc.gnome.org in the #safety channel.
If you find a bug relevant for the safety and privacy team, please put "safety" in the status whiteboard field of the bug. This will help us find it easily.
SSL/TLS all the things
See the minutes of the initial meeting at GUADEC 2014 for more details. These packages need TLS-ification:
Gnome-weather - 736814
- Gnome-maps (FIXME: bug?)
- Gnome-music (FIXME: bug?)
- Gravatar (FIXME: bug? Which code fetches the avatars?)
How do we do certificate pinning for "random" applications like those? Can we centralize that functionality (in libsoup)?
Content sharing / service APIs
See Design/OS/Sharing for inspiration from other OSes, and for a proposed workflow.
Forget passphrases when screensaver activates
We should probably forget the user's typed passphrases (for ssh, GPG, etc.) when the screensaver activates, and/or when the user suspends the machine.
When we have a service API to share files, we'll need to offer the user a way to scrub metadata. See the Metadata Anonymisation Toolkit (MAT) for an implementation.
People present at the initial GUADEC 2014 BoF
- Matthew Garret
- Nicklas Lindgren
- D. Spindel Ljungmark
- Hans Petter Jansson
- Gunnar Andersson
- Elad Alfassa
- And others forgotten and missed.
Ethics for Programmers: Primum non Nocere with an interesting analogy to the Hippocratic Oath.