This submission has been removed due to receiving too many reports from users. The mods have been notified and will re-approve if this removal was inappropriate, or leave it removed.
This is most likely because:
* Your post belongs in r/linuxquestions or r/linux4noobs
* Your post belongs in r/linuxmemes
* Your post is considered "fluff" - things like a Tux plushie or old Linux CDs are an example and, while they may be popular vote wise, they are not considered on topic
* Your post is otherwise deemed not appropriate for the subreddit
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/linux) if you have any questions or concerns.*
why is everyone so sure it must be those *horrific* EU rules that are the problem?
i'm probably being paranoid, but there's currently a lot of actors that would like to paint any EU regulation or cooperation in a bad light. especially EU rules that could hurt the techbro billionaires.
There's certainly a lot of useful idiots or straight up bots and trolls ready to jump on anything vaguely EU related.
To repeat how bad EU regulation is and how weak we are.
I guess being one of the last places with human rights and integrity earns some haters.
Chat Control. Legislation which would mean an end to personal privacy in the EU (unless you're a politician or a cop), and which those keeping a close eye on the situation say is currently being repackaged *yet again* in an attempt to force it through. Of course, the average Redditor is incapable of nuanced or independent thought (that doesn't get you updoots from the hive mind after all), so you're either Team EU or Team Trollbotfascist. I guess I must be the latter.
EU:
We are trying really hard to enslave all our people, but it's tough, so we try again every few months to push it through.
EU Citizens:
We love the EU! They're our friends!
also EU citizens: we vote in our national elections and our EU elections, and somehow it's not perfect. it must be the EUs fault rather than our own voting behavior.
note that chat control comes from national governments voted for by citizens, and that EU parliament has so far not voted in favor of any of them.
if the EU makes bad choices, it is in *your* hands to vote for better parties.
Yet, this news in the OP has nothing to do with chat control, which is not even a thing yet to begin with, not even a concrete proposal, but with GDPR, which is contrary to chat control, one of the few major pieces of legislation really improving data and privacy rights of end consumers in a meaningful way. It forced businesses to rethink data handling from ground up to that end.
The reality is that Linux has always had a subset of right-wing "libertarian" (fascists pretending to care about privacy) types in the community. This is nothing new, I remember arguing with these idiots in the early 2000's on IRC.
They seem to be a bit more radicalized nowadays though.
I think it’s a general reaction to this type of holier-than-thou attitude, along with a refusal to even entertain the possibility that the regulatory regime may come with some serious tradeoffs (like hamstringing younger, more innovative companies in favor of larger legacy firms who can deal with the compliance costs).
That would be wonderful if it was true, but sadly it’s not for every EU regulatory scheme. Lots of the GDPR, for example, applies across the board, and the threshold for the full thing is only 250 employees.
Not that this is only about small companies. My own employer is rapidly expanding to just about every developed country but hasn’t touched the EU because it’s just a minefield they’d rather not deal with yet.
Plenty of regulations are worth the tradeoffs but the costs tend to be diffuse and insidious.
I agree that there’s a lot of bad faith “MUST BE EU!!!” but
> The Data Protection Team was established in 2018 in response to new European data protection legislation.
is probably why one might think that
I always assumed that Debian, generally as a project, loved their bureaucratic process.
But I guess the nonsense that EU is piling on developers was just too much for them.
From the mailing list:
>In practice, the workload has been low: the team handled four
requests in 2025. Additional proactive work, such as improving the
privacy policy or advising teams on data-handling workflows, is welcome
but optional and can be shaped by the interests of the volunteers.
The previous team stepped back mainly due to a lack of capacity and
enthusiasm to take the work further, not because of specific problems.
So as I'm reading it, the team was busy with other things, want people who can actually improve things to take the role, and left to expedite that process.
that is one way of reading it.
another might be that there were differences between the team and the rest of Debian org and they resigned.
It is not just 1 person. but 3 from the same team (the whole team)
It is a bit weird though. The article makes it sound like there is a very urgent need and the project leader is now handling their work, while being almost overwhelmed. However, judging by this, their work (obviously simplifying a lot) averages to an email every 3 months.
The urgency is probably due to a legal requirement for one to exist. It says the team was originally established to meet European Union data privacy requirements.
I see it like this:
If they just asked for someone to sub in, it would likely take ages for anything to happen, if it ever does. If 1 of them left, nothing would really change, mostly the same for 2 leaving.
The entire team just being gone, however? - that leaves a hole, which must be filled. It creates announcements, and speeds up the process, and so, increases the chances of someone who's actually going to do something with the role being put in it. And, since the *required* work is so small, they're not really doing anything that bad if no-one steps up.
And most importantly, there's nothing dickish about deciding you want to do something different.
If two other people on the same exact team / role make the same decision, that's not the fault of the three people but of the organization they are a part of.
People are allowed to change their minds.
Project ending fines? Only if you fuck up so badly and repeatedly, you should never be dealing with any sort of data. These rules are for any sort of organisation from small groups to multinational organisations. No point bankrupting ever small group for accidents like CCing instead of BCCing.
The amount of people on here that think that any tiny slip up of GDPR could end any organisation have spent too much time listening to some really dodgy propaganda from organisations that don't think basic security is something that is required of them.
Those four emails were emotionally draining.
1) Hey I found this bug
2) Hey you guys want pizza
3)Hey you guys getting any emails today?
4) Microsoft Reported an outage, no one is getting emails.
Especially if mistakes can have serious legal consequences. I can imagine that it is extremely stressful to know that mistakes can cause the project you care about getting sued.
Think this is it. EU is stepping up its enforcement of certain things. Simultaneously, they've been warning about this for a while, practically begging for support, and there is zero indication that the situation was going to change. This is serious, boring work, which requires serious, boring professionals to sit down to deal serious, boring bureaucracy.
It's one thing when all that's required is to just generally operate ethically, and designate someone to act like the adult in the room once in a blue room. It's quite another when you have to *prove* you're operating ethically under threat of law.
It's *great* that businesses have to get their house in order. Debian is sadly too big of an organization that it can count under regular grassroots/micro organizations, which is a bit unique. It's also understandable that the law wasn't written to account for such a special situation, but the EU really ought to help *fund* these types of projects if they're going to cause these requirements. It's a bit of a blind spot because it's not "a European organization", but it's definitely good for the European people, and in everyone's best interest for it to continue to flourish.
This is how you make these "draconian" laws actually work as intended. It's important.
The Debian project is a bit more than just a static download page though. There are lots of systems (bug tracking, repository management, etc.) that have user accounts for contributors, which obviously need to collect some information.
It is literally impossible to build anything that is distributed by, or capable of communicating with the internet. This is due to the simple fact that GDPR covers things fundamental to internet connectivity like IP addresses. The fact that [popcon](https://popcon.debian.org/) exists has a GDPR impact. The fact that debian maintains a [list of maintainers](https://nm.debian.org/public/people/dm_all/) has a GDPR impact. The fact that [https://github.com/debian](https://github.com/debian) exists has a GDPR impact. The fact that [debian.org](http://debian.org) exists and responds to http client requests has GDPR impact.
GDPR doesn't just apply to "storing" personal data. It applies if a service "processes" personal data. GDPR defines, among other things, a user's IP address as "personal data".
If you process data you need to store it first so that is redundant.
But yes an IP address is traceable to a person therefore its personal data. Which is not relevant if you use a webhost that doesnt give you the information in the firstplace.
> if you use a web host that doesn't give you the information in the first place
Using a third-party host does not absolve you of GDPR requirements, though you could link to your provider's privacy policy if you wanted.
Notice I didn't say it was "bad", just a pain. There are also many, MANY times an organization may need to collect peoples info for legitimate purposes.
> There is no requirement for anyone who wishes to use Debian to provide the project with any personal information; it is freely downloadable without registration or other form of identification from both official mirrors run by the project and numerous third parties.
> Various other aspects of interacting with the Debian Project will, however, ***involve the collection of personal information. This is primarily in the form of names and email addresses in emails received by the project***; all Debian mailing lists are publicly archived, as are all interactions with the bug tracking system. This is in keeping with our Social Contract, in particular our statement that we will give back to the free software community (#2), and that we will not hide our problems (#3). ***We do not perform further processing on any of the information we hold, but there are instances where it is automatically shared with third parties (such as emails to lists, or interactions with the bug tracking system).***
[https://www.debian.org/legal/privacy](https://www.debian.org/legal/privacy)
It doesn't "collect" your information in the sense of profiling you and selling it to data brokers. It absolutely "collects" data as defined by GDPR for the purpose of things like handling package server responses, among other things.
Okay, basic DoS mitigation is collecting IP addresses and blocking malicious ones. IP addresses + timeframe (+ port with NAT used) can be used to identify an individual. Therefore it's PII. That's why most websites have a banner pop up with "Legitimate interests" that you can't deselect which usually is just this.
Again, in this case it doesn't seem burn out or drama. Most likely one person said they don't wanna do it anymore, and the rest just thought "Yeah, actually, me neither". But GDPR still touches almost every server and website.
Even maintaining a list of people that have actively contributed to the project would be considered data subject to GDPR. The members of the various teams necessarily have some of their own data stored indicating as much. Bug tracking, organising DebCon, even their internal complaint handling all requires storing personal data.
They may well not have _your_ information, but as long as they have some data then they are subject to GDPR.
>The previous team stepped back mainly due to a lack of capacity and
enthusiasm to take the work further, not because of specific problems.
I interpret this as them wanting someone more suited for the role to take it, but knowing that if they just asked for someone to sub in for them, nothing would happen, at least for a *long* while, so they intentionally left a hole to force things to move along.
Seems a bit like a canary to me. Like they were going to be forced to do something, but some gov agency, so they resigned in protest, even if they can't admit the duress.
The interesting thing is, if you're in the email list, a lot of people have offered to step up but unfortunately you must be a debian developer in order to be on this team. Would be nice of there was a process to expedite this for those with the background and willingness to help.
Becoming a Debian developer used to be a pretty high bar for entry. I am not sure if things have changed in recent years, but when I went down that path and you had to have a sponsor, which they called "mentors". I maintained a few packages in Debian main with a sponsor for a couple years and I didn't really feel close to the "developer" status when I decided to move on to Fedora.
> fully pledged
fully fledged
This term comes from birds. Baby birds that are learning to fly are called fledglings, and when they are done learning, they are "fully fledged". This analogy is related to the phrase "spread your wings", meaning to demonstrate what you are capable of.
Oh, there’s that too, midnight ceremony, black robes, black metal, silver knives, the ashes of a Microsoft Windows EULA, the blood of a Microsoft salesman…
Yes, pledge can refer to an oath taken when joining an organization, but there is no phrase "fully pledged" in English, and there is no concept of partially taking a pledge as would be denoted by the word "fully". Additionally, you do not pledge to join a software company; the action word for this would be "sign" as in "signed on with a company" or "signing bonus", referring to signing your name on an employment contract.
Does the word make sense? Yes, obviously, as I understood what they meant, but this is a common mistake by ESL speakers and folks who have only heard the phrase a few times and never seen it in writing. Whether you approve of the usage or find it understandable, "fully pledged" is incorrect, and "fully fledged" is correct. This is not a matter of opinion.
Instead of defending an incorrect usage of a common phrase, just accept that this is a common mistake that many, many people make which I was clarifying as a friendly gesture.
In my own journey with learning other languages, having idioms like this corrected is incredibly valuable. The person I replied to appears to be an ESL speaker, and I offered the correction with that understanding. "Do unto others" and all that.
I think becoming a Debian Maintainer is not that hard, but you just need to find someone to sponsor your package uploads. However, becoming a Debian Developer which gives you more influence over the project as a whole has a pretty high bar from my experience. I have only made it into the first category and don't think I'd make it to DD without more time put into the project.
I posted this above too:
>There are two different Debian Developer roles as well. There is a role that is a non-uploading role that is a little more restrictive in access that should be able to be on a delegated team like this.
>I'll be honest, I put my hand up to volunteer as I work in a security role and deal with data request regularly. I am not a Debian Developer but the process to become one is a little long and does require the sponsor. I suggested to them that they should create/advertise a clear path for such a critical role but it was ultimately rejected by leadership as their focus being to find current DDs to fulfill the volunteer positions.
>I think that is shortsighted on their part but it is their decision and I understand the desire to have vetted individuals in such. critical position but I Las obelieve that when you're facing a critical gap like this one that you need to come up with unique solutions to solve this problem. If they were willing to sponsor the individuals that put their hands up and did a series of interviews, asked for references, etc, then they'd probably have these volunteer positions staffed already. But I digress.
There are two different Debian Developer roles as well. There is a role that is a non-uploading role that is a little more restrictive in access that should be able to be on a delegated team like this.
I'll be honest, I put my hand up to volunteer as I work in a security role and deal with data request regularly. I am not a Debian Developer but the process to become one is a little long and does require the sponsor. I suggested to them that they should create/advertise a clear path for such a critical role but it was ultimately rejected by leadership as their focus being to find current DDs to fulfill the volunteer positions.
I think that is shortsighted on their part but it is their decision and I understand the desire to have vetted individuals in such. critical position but I Las obelieve that when you're facing a critical gap like this one that you need to come up with unique solutions to solve this problem. If they were willing to sponsor the individuals that put their hands up and did a series of interviews, asked for references, etc, then they'd probably have these volunteer positions staffed already. But I digress.
Why is project lead is limiting only to debian developers? Would be better to get someone from outside with differen set of eyes and mind to uphold privacy policies?
"debian developer" is just the name for a debian project member
so really the requirement is "be on the team", which I think flows pretty naturally from this (even if that means the next step is "become part of the team")
> Debian Developer (DD) is our name for a Debian project member. A Debian Developer has many rights regarding the Project. One of the core rights is to be able to vote in General Resolutions the project may adopt, and to elect the Debian Project Leader
Because I like my governments directly elected, and I don't think that supranational organisations should have a say on the policies of the locality I live in. More often than not they are in contrast with my interests and the interests of the people around me.
That is on top of general disdain for overreach and overregulation, especially when it's based on the ridiculous "precautionary principle".
Thank you for taking the time to respond to me with your arguments.
I'd geberally agree with you: I also belive country politics and country laws are better suited to their specific Country. But... At the same time, however, I disagree with you: single european Countries alone won't stand any chance of competing economically (or militarily) with giant superstructures such as the US or Chinese conglomerates.
Oh of course same applies to other legal entities. Whatever data they have should be used freely for targeted advertising, training models and adjusting insurance premiums.
If Tille says “The fact that all team members have stepped back **at the same time** should make it clear that **we urgently need new volunteers** to fulfil this role,” I have a serious doubt he understands the real reason behind the incident.
Either he intentionally hides it from public, or believes in the technicality of the issue only, thinking that filling in empty chairs without solving the core issue will save the situation...
The call is for Debian developers only from what I understand.
> To: Debian Developers <debian-devel-announce@lists.debian.org>
I guess his is assumed for many, but naively I thought it was a general call.
Many people thought it was a general call, looking at the replies from random people volunteering to join. So many that a [separate clarification](https://lists.debian.org/debian-devel-announce/2026/01/msg00005.html) was sent a couple of days later.
A blogspam article that simply retells a single short email in 8 or so paragraphs. It's also 17 days old and the email is even older. There was also a [more recent d-d-a email](https://lists.debian.org/debian-devel-announce/2026/01/msg00005.html) clarifying that you indeed need to be a DD to be a part of that team.
Is this going to make the distro less secure? Sorry I am a new user and not an experienced Linux user yet so I'm probably being silly here. All the best.
It doesn't have any impact on the security. Data protection people are usually about following the various data protection regulations (e.g. the EU GDPR) and documenting it.
As a Sysadmin in the EU, I think it would be really cool if any user facing piece of software came with a chunk of documentation that I could just copy and paste into the relevant forms..
On the other hand any operator of a web site needs to declare what he collects, for what purpose and how long he keeps that data. That can be a major headache.
Nope, apparently according to another developer, over the course of the last year, the team did little more than answer the 4 user emails they got, because they were busy with other things, and they left so someone more able and willing to *do things* for data protection would take the role
I think the bigger question is what caused the three team members to simultaneously resign? I’d hesitate to volunteer, too, without any transparency as to what happened.
124 Comments
kalzEOS@reddit
AutoModerator@reddit
james_pic@reddit
Dave5876@reddit
asphias@reddit
loozerr@reddit
Informal_Drawing@reddit
Elketh@reddit
asphias@reddit
GhostInThePudding@reddit
asphias@reddit
TheJiral@reddit
_Rali@reddit
WealthyMarmot@reddit
solvedproblem@reddit
loozerr@reddit
WealthyMarmot@reddit
TheJiral@reddit
solvedproblem@reddit
SEI_JAKU@reddit
ComprehensiveHawk5@reddit
0x11110110@reddit
natermer@reddit
_Rali@reddit
This-Researcher-8117@reddit
HeightNormal8414@reddit
S7relok@reddit
HeightNormal8414@reddit
leaflock7@reddit
ShirouOgami22@reddit
enderfx@reddit
DuendeInexistente@reddit
junkieguru@reddit
spooker11@reddit
HeightNormal8414@reddit
Internet-of-cruft@reddit
MatchingTurret@reddit
CyberSkepticalFruit@reddit
ArdiMaster@reddit
CyberSkepticalFruit@reddit
TU4AR@reddit
Internet-of-cruft@reddit
MatchingTurret@reddit
AnonymousFuccboi@reddit
finbarrgalloway@reddit
noreasterroneous@reddit
ArdiMaster@reddit
MooseBoys@reddit
Gloomy_Butterfly7755@reddit
MooseBoys@reddit
Gloomy_Butterfly7755@reddit
MooseBoys@reddit
Gloomy_Butterfly7755@reddit
finbarrgalloway@reddit
billyalt@reddit
UnratedRamblings@reddit
MooseBoys@reddit
buttplugs4life4me@reddit
CyclopsRock@reddit
edparadox@reddit
lakislavko96@reddit
HeightNormal8414@reddit
lakislavko96@reddit
H0t4p1netr33S@reddit
PsyOmega@reddit
Delta_01001101@reddit
debian_miner@reddit
lakislavko96@reddit
PM_ME_YOUR_REPO@reddit
will_try_not_to@reddit
AmusingVegetable@reddit
TheOneTrueTrench@reddit
PM_ME_YOUR_REPO@reddit
DiscoBunnyMusicLover@reddit
penguin359@reddit
Delta_01001101@reddit
Delta_01001101@reddit
lakislavko96@reddit
aroslab@reddit
debian_miner@reddit
wRAR_@reddit
aroslab@reddit
-illusoryMechanist@reddit
ButtSpelunker420@reddit
CSE_Major@reddit
MouseJiggler@reddit
Bombini_Bombus@reddit
MouseJiggler@reddit
Bombini_Bombus@reddit
loozerr@reddit
fixermark@reddit
loozerr@reddit
yawara25@reddit
fixermark@reddit
CyberSkepticalFruit@reddit
Sparescrewdriver@reddit
Maxstate90@reddit
brrrchill@reddit
tulpyvow@reddit
tulpyvow@reddit
Victor_Quebec@reddit
TipAfraid4755@reddit
Salty-University2744@reddit
DeGamiesaiKaiSy@reddit
wRAR_@reddit
DeGamiesaiKaiSy@reddit
spurGeci@reddit
wRAR_@reddit
wRAR_@reddit
lacunauting@reddit
RealUlli@reddit
HeightNormal8414@reddit
lacunauting@reddit
jessecreamy@reddit
waltercool@reddit
waltercool@reddit
shawnfromnh1@reddit
Ps11889@reddit
RudePragmatist@reddit
MouseJiggler@reddit
This-Researcher-8117@reddit
MrHoboSquadron@reddit
tuxooo@reddit
Acceptable-Lock-77@reddit