On 10 November 2016 at 14:04, Lennart Poettering <mzerqung@xxxxxxxxxxx> wrote: > On Tue, 08.11.16 23:14, Zbigniew Jędrzejewski-Szmek (zbyszek@xxxxxxxxx) wrote: > >> On Tue, Nov 08, 2016 at 05:25:36PM -0500, Matthew Miller wrote: >> > On Tue, Nov 08, 2016 at 04:49:42PM -0500, Stephen Gallagher wrote: >> > > SUSE generates a random name of the format linux-XXXXXX (I'm not sure how many >> > > My proposal is that we should consider changing the default hostname for Fedora >> > > 26 to be either FED-XXXXXXXXXXX or FEDORA-XXXXXXXX. The former allows for a >> > >> > How about non-yelly Fedora-XXXXXXXXXXX? Since SUSE apparently does >> > lower case, that should be fine, right? >> >> Bastian Nocera also filed https://bugzilla.redhat.com/show_bug.cgi?id=1392925, >> where he proposes "fedora" as the hostname. I think "fedora" is better than >> "localhost", and a non-constant hostname would be even better. >> For interactive installs (like with anaconda) it would be great if we could >> ask for the hostname. For non-interactive ones, "Fedora-[0-9a-z-]{8}" seems >> like a good option (*). It would give "branding", and solve the freeipa issues. >> It would also be a good default for the interactive case, so that people can >> "click through" without having to pick anything. > > I'd be careful with this. I'd prefer a more generic default hostname > over a more specific, so that we leak as little information about our > system onto the network as possible. > > I mean, using "localhost.localdomain" is already leaky enough, given > that only fedora is using this as default hostname — however, it's > still better than telling everyone "Hay, I am running Fedora!". The one thing to be aware of is that some of these items while useful to fingerprint aren't as reliable as things we leak elsewhere like kernel version/glibc version/compile time flags and how we respond to TCP requests. Those usually leak a lot more and are much easier to get even sneakily than localhost.localdomain or fedora-xxxxxx. You also have to be careful about appearing too random [say changing the mac address each connection.. it needs to change within certain noise levels or you look "like someone with something to hide." versus someone trying to blend in.] > Lennart > > -- > Lennart Poettering, Red Hat > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx -- Stephen J Smoogen. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
