[Popcon-developers] Bug#707951: popularity-contest: please leak less private information
Bill Allombert
Bill.Allombert at math.u-bordeaux1.fr
Sun May 12 10:39:42 UTC 2013
On Sun, May 12, 2013 at 11:53:17AM +0200, Bernhard R. Link wrote:
> Package: popularity-contest
> Version: 1.57
>
> Please do not send second resolution information about program usage.
> Best only send out information what is actually used by the resulting
> graphs (i.e. a per-package NO-FILES/OLD/RECENT-CTIME/VOTE information
> and nothing else).
I am considering rounding the number of second to the next multiple of 24h.
However, unless you are using strictatime, you probably do not leak much
information already.
It is important the vote determination is done in a centralised way.
> Without that installing popularity-contest on any computers with actual
> users is simply impossible, as it is too much of a hassle to get consent
> from all the users (not too speak about even explaining them what you
> seek consent for), as given that much information there is simply no
> way to can legally run it without informed consent.
> Additionally it would be nice to have a blacklist of packages to not
> send information from. Or perhaps some filter on packagename
> (mycompany-*) or sections (local/*).
I am considering to allow packages to opt out of popcon by adding a control field
like "X-Popcon: no". Would that be suitable ?
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
More information about the Popcon-developers
mailing list