seth vidal wrote:
On Fri, 2006-10-06 at 12:40 -0400, Christopher Blizzard wrote:
seth vidal wrote:
That's inappropriate and I will resist it.
I'm not that interested in the what or the who - just the if. That is,
are they using it? That's it.
Then choose your terminology much more carefully. It sounds a lot like
you're interested in individual ips/users and when they interact with
the system.
I'm interested in some set of those. Bill (in another message) talks
about tracking what packages people are using. As part of what I'm
suggesting (just a web cookie or auto generated uuid on the system)
isn't that. Doesn't show what someone is doing, or what they have used
it for. Just that it exists.
and it shows that they download tor, gpg and seahorse then a lot can be
inferred by that list.
HAVING the information means that others can subpoena it.
That depends on how you collect that information. I think you're
assuming that the collection is connected to the package manager. It
certainly doesn't have to be that way. Collect it on another server
entirely, don't correlate UUIDs or cookies to IP addresses and ditch old
cookies that only show up once after some certain amount of time.
You can only correlate those things if you choose to. Or you make poor
system design choices.
You're worried about a subpoena. What I'm saying is that if someone did
that and asked for "the information" they would get a response that says
something like:
"Yes, some computer out there generated an ID and submitted it to our
system. Sometimes it returns to reping us as well."
--Chris
_______________________________________________
fedora-advisory-board mailing list
fedora-advisory-board@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board
_______________________________________________
fedora-advisory-board-readonly mailing list
fedora-advisory-board-readonly@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-advisory-board-readonly
