Re: F30: System-Wide Change proposal: DNF UUID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mo, 07.01.19 11:34, Ben Cotton (bcotton@xxxxxxxxxx) wrote:

> === Constraints ===
> * The Fedora community cares about privacy and is adverse to tracking
> measures. We don't want to track; just count.

Uh, so what's the story there? i mean, if you pass over the uuid you
make clients trackable, regardless if you want to make use of that or
not...

> * For this reason, we don’t want to use any identifier like
> /etc/machine-id which may be used for other purposes.

For purposes like this we have "application-specific machine
IDs". This is exposed in the sd_id128_get_machine_app_specific() API:

https://www.freedesktop.org/software/systemd/man/sd_id128_get_machine.html

App-specific machine IDs are determined as HMAC-SHA256 of the supplied
128bit ID identifying the app, keyed by the machine ID. (Why this way,
and not the opposite, i.e. the HMAC-SHA256 of the machine ID, keyed by
a specified app ID? simply because that is not how HMACs are supposed
to be used, as the data to protect here is not the app id — which
would normally be hardcoded in your public sources — but the machine
id.)

It appears to me that this concept is what you might want to use
here. You could either use our C API for that, but you can easily
reimplement it in a fully compatible way in any programming language
you like without using our C API too, after all HMAC-SHA256 is pretty
commonly available and not fancy in any way.

Anyway, just wanted to mention that the concept exists already, and if
the described feature is a good thing, then this is something to
consider, but then again I am not totally convinced what you want to
do here is the way to go in the first place...

BTW, afaik Ubuntu counts installations through NTP: they provide their
own NTP servers, and by default all installations are hooked up to
that. This way they have a pretty good estimate how many concurrent
ubuntu installations are online at any time, since NTP means there's a
regular ping cycle in place. Of course they will only track online
systems that way, but I think that's an OK limitation...

Of course, doing it that way would mean fedora would have to host NTP
servers...

Lennart

--
Lennart Poettering, Red Hat
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux