On Mon, Jan 7, 2019 at 4:55 PM Bruno Wolff III <bruno@xxxxxxxx> wrote: > > On Mon, Jan 07, 2019 at 16:41:46 -0500, > John Harris <johnmh@xxxxxxxxxxxxx> wrote: > >On Monday, January 7, 2019 4:31:29 PM EST Bruno Wolff III wrote: > >> If the strings aren't checked when they are received, they could be > >> anything. > >> The system varient also has the same issue. You shouldn't trust > >> the clients supplying this information. > > > >If we are just using this UUID to count machines, it doesn't matter what the > >UUID is. Just that it's different between machines. > > Yes, if they are not so long as to break the software and no public report > has the actual strings so the project doesn't get embarrassed and no one who > has to look at the strings is easily offended, then it isn't a problem. > > The system varient is probably a bit different of a case. Unexpected varients > could end up in public reports depending on things are designed. It might > be good to throw out any data which has unexpected varients in it. I think the only useful data we could get from unknown variants would be "the number of times we see an unknown variant". So I think throwing it away and just incrementing a counter of "the number of times people have tried to poison the data" is probably reasonable. _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
