Re: automatic package statistics

To: Julian Assange <proff%iq.org@localhost>
Subject: Re: automatic package statistics
From: Bill Sommerfeld <sommerfeld%orchard.arlington.ma.us@localhost>
Date: Thu, 14 Oct 1999 11:41:59 -0400

I don't like this idea unless it's off by default with an opt-in.
(and, as someone else pointed out, not using opt-in would give us
trouble with database privacy laws in some jurisdictions).

One nit: "uname -a" includes not just one, but two hostnames.  Of the
uname flags, -n includes the hostname of the system, and our kernel
version format includes the username and hostname of the kernel
builder.

"uname -prs" would be less of a privacy invasion.

A more significant concern is that the server, and anyone in a
position to wiretap a significant fraction of the traffic destined to
it, could accumulate a list of who had which packages installed, and,
in the event that a security exploit in a package were uncovered, it
would be trivial to use that list to come up with a "hit list" of
systems to attack.

                                        - Bill

Follow-Ups:
- Re: automatic package statistics
  - From: Manuel Bouyer

References:
- automatic package statistics
  - From: Julian Assange

Prev by Date: Re: automatic package statistics
Next by Date: Re: automatic package statistics
Previous by Thread: Re: automatic package statistics
Next by Thread: Re: automatic package statistics
Indexes:

Home | Main Index | Thread Index | Old Index