Dev/Debian
Debian notes at the developer level.
Debian Signed Source Packages
Debian source packages are signed by the distribution's package maintainer.
apt-get source hello
If it shows:
gpgv: Can't check signature: public key not found
To fix:
sudo apt install debian-keyring
Signatures are in .dsc files and can be verified using dscverify, apt-get or manually using gpg.
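The step that follows signature verification, as an added example (not code from this page or from Debian's tools): once gpgv or dscverify has accepted the .dsc, the Checksums-Sha256 field inside the signed text is what ties the downloaded tarballs to that signature. The file names and contents below are constructed, and the signature block is a placeholder that this code never checks.

```python
import hashlib
import tempfile
from pathlib import Path

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def parse_dsc_sha256(dsc_text):
    """Return {filename: (sha256_hex, size)} from Checksums-Sha256."""
    lines = dsc_text.splitlines()
    if BEGIN_MSG in lines:
        # Only the text between the armor lines is covered by the signature.
        lines = lines[lines.index(BEGIN_MSG) + 1:lines.index(BEGIN_SIG)]
        lines = lines[lines.index("") + 1:]  # skip the "Hash:" armor header
    entries, in_field = {}, False
    for line in lines:
        if in_field and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        else:
            in_field = line.startswith("Checksums-Sha256:")
    return entries

def verify_files(dsc_text, directory):
    """Compare each listed file on disk with the size and hash in the .dsc."""
    results = {}
    for name, (digest, size) in parse_dsc_sha256(dsc_text).items():
        if "/" in name:
            results[name] = "unsafe name"  # reject path components
        elif not Path(directory, name).is_file():
            results[name] = "missing"
        else:
            data = Path(directory, name).read_bytes()
            same = len(data) == size and hashlib.sha256(data).hexdigest() == digest
            results[name] = "ok" if same else "mismatch"
    return results

def demo():  # constructed sample: one file intact, one altered after signing
    files = {"hello_1.0.orig.tar.gz": b"upstream source",
             "hello_1.0-1.debian.tar.xz": b"debian packaging"}
    listing = "".join(f" {hashlib.sha256(d).hexdigest()} {len(d)} {n}\n"
                      for n, d in files.items())
    dsc = (f"{BEGIN_MSG}\nHash: SHA512\n\nSource: hello\nChecksums-Sha256:\n"
           f"{listing}{BEGIN_SIG}\n\n(placeholder)\n-----END PGP SIGNATURE-----\n")
    files["hello_1.0-1.debian.tar.xz"] = b"debian packagin!"  # same size
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            Path(tmp, name).write_bytes(data)
        return verify_files(dsc, tmp)
```

A checksum match is only meaningful for a .dsc whose signature has already been verified against the debian-keyring keys.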
Missing Packages
Fully Not Available
Note: Whonix/Kicksecure-exclusive packages such as sdwdate are excluded.
- tirdad: main, kicksecure
- kloak: main, Whonix
- Apparmor.d
- LKRG
- Hardened Malloc
- onion-grater: main, whonix
- Tor Browser (not the downloader)
- Peazip
- Session Messenger
- Element Matrix (also called element-web): Client, Server
- Signal Messenger: Client, Server

Partially Not Available
Note: A package that is available only in sid/experimental is not easily usable on stable.
Privacy
stardict
https://lists.debian.org/debian-devel/2025/10/msg00175.html
blog post:
StarDict Plugins in Debian 13 Raise Privacy Concerns
Debian bug reports:
2009: stardict broadcasts clipboard context over network
stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.
resolution:
- Applied 07_disable_netdict.dpatch: (Closes:#534731) CVE-2009-2260
- disable netdict by default
- giving warning message
- Added --disable-dictdotcn option for CVE-2009-2260
2011: stardict: Always uses Dict.cn even when net dictionnaries are disabled
resolution: none
2015: Stardict leaking user data in default configuration.
resolution:
- d/stardict-plugin.install:not install stardict_dictdotcn.so, Closes: #806960
- d/rules:Added --disable-dictdotcn option, dictdotcn is not provid server now
2025: stardict-plugin: CVE-2025-55014: YouDao plugin sends the user's selection from other apps to Chinese servers
resolution: pending
Debian user mailing list discussion:
Links to the package:
- https://packages.debian.org/search?keywords=stardict

- https://packages.debian.org/search?keywords=stardict-plugin

- https://packages.debian.org/search?keywords=stardict-gtk

- https://packages.debian.org/source/bookworm/stardict

Link to Debian source code:
- source package: https://salsa.debian.org/debian/stardict

- Debian patches: https://udd.debian.org/patches.cgi?src=stardict

Quotes:
"The stardict-plugin install many plugin for stardict. YouDao plugin is one of them."
Source: stardict-plugin: CVE-2025-55014: YouDao plugin sends the user's selection from other apps to Chinese servers
Debian changelog excerpt:
stardict (3.0.6-0.1) unstable; urgency=medium
* Non-maintainer upload.
[ Ondřej Nový ]
* d/control: Set Vcs-* to salsa.debian.org
[ Jeremy Bicha ]
* New upstream release (Closes: #667929, #846283)
* Include 3.0.3-1 packaging from the VCS that was never uploaded to Debian
* Update debian/watch
* Drop patches applied in new release:
- 07_disable_netdict.patch
- 10_fix-narrowing.patch
reverse-depends stardict
Reverse-Recommends
==================
* stardict-czech
* stardict-english-czech
* stardict-german-czech
* stardict-xmlittre
reverse-depends stardict-plugin
Reverse-Recommends
==================
* stardict-gtk
* stardict-plugin-cal
* stardict-plugin-espeak
* stardict-plugin-festival
* stardict-plugin-fortune
* stardict-plugin-info
* stardict-plugin-spell
Interpretation:
2010 Jul 27 as per b85c21b3b03a27bd0fb08c72f3d2e02c87387d29 by Andrew Lee. [1]
+ add_entry("/apps/stardict/preferences/network/enable_netdict", false);
...
2018 Oct 16
07_disable_netdict.patch [2] did
+ label = gtk_label_new(_("Warning: Requests to remote StarDict server are sent over the network in an unencrypted form. Do not enable this if you are translating sensitive documents."));
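Review bot: the warning string on the added gtk_label_new line covers only interception in transit ("sent over the network in an unencrypted form") and says nothing about the looked-up text being disclosed to the remote StarDict server itself. Suggest wording that states both, so the advice still holds if the transport is later encrypted.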
The 07_disable_netdict.patch was dropped in 3.0.6-0.1 by Jeremy Bicha, with the changelog reason "Drop patches applied in new release".
Verdict: TODO
Installers
Debian doesn't have an explicit policy that categorically prohibits installers from downloading software from external sources.
The following is a description only, not a policy.
"no network -- most buildds will have no network access available. Your package build+test process must not attempt to use the network or assume that any network interface is available."
Source: https://wiki.debian.org/buildd
Debian policy:
"The contrib archive area contains supplemental packages intended to work with the Debian distribution, but which require software outside of the distribution to either build or function."
Source: https://www.debian.org/doc/debian-policy/ch-archive.html#the-contrib-archive-area
Examples of packages which would be included in contrib are:
- free packages which require contrib, non-free packages or packages which are not in our archive at all for compilation or execution,
- and wrapper packages or other sorts of free accessories for non-free programs.
Example installers:
- in contrib: torbrowser-launcher
- in contrib: firmware-b43-installer