[Popcon-developers] Bug#707951: popularity-contest: please leak less private information
Bernhard R. Link
brlink at debian.org
Sun May 19 19:44:24 UTC 2013
* Bill Allombert <Bill.Allombert at math.u-bordeaux1.fr> [130512 12:39]:
> On Sun, May 12, 2013 at 11:53:17AM +0200, Bernhard R. Link wrote:
> > Package: popularity-contest
> > Version: 1.57
> >
> > Please do not send second resolution information about program usage.
> > Best only send out information what is actually used by the resulting
> > graphs (i.e. a per-package NO-FILES/OLD/RECENT-CTIME/VOTE information
> > and nothing else).
>
> I am considering rounding the number of second to the next multiple of 24h.
> However, unless you are using strictatime, you probably do not leak much
> information already.
Doesn't relatime update atime when it is older than a day? So doesn't
relatime/strictatime just change from "second of last use before popcon
run" so "second of first use in a 24 hours window, but still exact to
a second"?
> It is important the vote determination is done in a centralised way.
How does that prevent not sending timestamps?
> > Additionally it would be nice to have a blacklist of packages to not
> > send information from. Or perhaps some filter on packagename
> > (mycompany-*) or sections (local/*).
>
> I am considering to allow packages to opt out of popcon by adding a control field
> like "X-Popcon: no". Would that be suitable ?
That means you have to consider that when creating packages, which would
be quite complicated to get retroactively.
Bernhard R. Link
More information about the Popcon-developers
mailing list