On Fri, May 03, 2013 at 03:30:39PM -0600, Kevin Fenzi wrote: > Right, but then this information is security sensitive... > > User installed httpd-x.y-Z on YYYY-MM-DD, but on looking you don't see > them installing the security update that was released after that -> > target. > > Or even, user installs foo, foo is insecure and is dropped from fedora, > you might know that they have it still installed and can leverage that. > > Or you see that user does security updates every friday, so you know > they might be vulnerable thursdays. > > Also, you may see users install something, but we have no way of > knowing if they try it and hate it and remove it right after. All true, that's the reason why IP address will never be available from the data. > Also, the way our mirroring works, they can get the package from any > mirror at all, so we may not see patterns that are there if we could > see logs of all mirrors instead of just one. Yeah, I did not realized that - this is quite limiting. Taking NAT issue into account, I don't think anymore it is good source of data :-( -- Later, Lukas "lzap" Zapletal irc: lzap #theforeman _______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/infrastructure
