Am 18.11.2014 um 18:29 schrieb Bruno Wolff III:
On Tue, Nov 18, 2014 at 18:16:12 +0100, drago01 <drago01@xxxxxxxxx> wrote:On Tue, Nov 18, 2014 at 3:00 PM, Bruno Wolff III <bruno@xxxxxxxx> wrote:We shouldn't be doing that either. Any welcome page initially displayed should be from a copy on the installation, not something fetched from a remote server.That's getting into the "paranoid" area .. where do you draw the line? The fedora project (and lots of its mirros)also gets your ip when the system checks for updates,Mozilla is a third party. There is no reason that they should be contacted by default.
calling upstream "3rd party" is somehow strange most code in fedora is from 3rd partyif you don't trust the 3rd party you *really* need to review every single line of code
Even for mirrors, people run local mirrors. Not every installation contacts Fedora mirrors directly.
most of them for sure not because hide the IPtypically it's done because someone has to maintain 5, 10, 20, 100 machines and want to save time and/or bandwidth, maybe even combined with save ressources of the official mirrors
The cost of avoiding phoning home in tese cases is low. You can install a copy of the file locally and use a file: reference to it. The file can include a link to the source so that people can fetch a possibly more up to date version if they want.
nobody said anything against that*but* please avoid FUD and paranoia and claim upstream unstrustable until you can prove that instead of assume it
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
