[Popcon-developers] Accessing popcon data
Tássia Camões
tassia at gmail.com
Thu Mar 24 15:49:36 UTC 2011
Thanks for your inputs enrico.
2011/3/23 Enrico Zini <enrico at debian.org>:
>
> Here is an example: pick a package X which has '1' inst on popcon; note
> who is the maintainer. Then query a recommender asking 'what do you
> suggest me to install if I have package X installed?': chances are that,
> with many recommenders, the result is a list of the packages installed
> on the maintainer's machine.
>
> This specific example attack can be prevented by ignoring packages
> installed in less that a certain number of systems, but there can be
> more examples.
>
Yes, I'm aware of this one. As I said on the other message, we intend
to ignore those packages with very feel installations when computing
recommendations.
> It is of course not the point of your research, and as long as there are
> no obvious ways to exploit the recommender, I don't think the lack of
> literature on information leaks will be an obstacle for deployment once
> it works.
>
Great ;-)
It's very good to have a discussion on this though.
Cheers,
Tássia.
More information about the Popcon-developers
mailing list