On Mo, 07.01.19 11:34, Ben Cotton (bcotton@xxxxxxxxxx) wrote: > === Constraints === > * The Fedora community cares about privacy and is adverse to tracking > measures. We don't want to track; just count. Uh, so what's the story there? i mean, if you pass over the uuid you make clients trackable, regardless if you want to make use of that or not... > * For this reason, we don’t want to use any identifier like > /etc/machine-id which may be used for other purposes. For purposes like this we have "application-specific machine IDs". This is exposed in the sd_id128_get_machine_app_specific() API: https://www.freedesktop.org/software/systemd/man/sd_id128_get_machine.html App-specific machine IDs are determined as HMAC-SHA256 of the supplied 128bit ID identifying the app, keyed by the machine ID. (Why this way, and not the opposite, i.e. the HMAC-SHA256 of the machine ID, keyed by a specified app ID? simply because that is not how HMACs are supposed to be used, as the data to protect here is not the app id — which would normally be hardcoded in your public sources — but the machine id.) It appears to me that this concept is what you might want to use here. You could either use our C API for that, but you can easily reimplement it in a fully compatible way in any programming language you like without using our C API too, after all HMAC-SHA256 is pretty commonly available and not fancy in any way. Anyway, just wanted to mention that the concept exists already, and if the described feature is a good thing, then this is something to consider, but then again I am not totally convinced what you want to do here is the way to go in the first place... BTW, afaik Ubuntu counts installations through NTP: they provide their own NTP servers, and by default all installations are hooked up to that. This way they have a pretty good estimate how many concurrent ubuntu installations are online at any time, since NTP means there's a regular ping cycle in place. Of course they will only track online systems that way, but I think that's an OK limitation... Of course, doing it that way would mean fedora would have to host NTP servers... Lennart -- Lennart Poettering, Red Hat _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
