On Mon, Jan 07, 2019 at 22:54:46 +0100, Tom Gundersen <teg@xxxxxxx> wrote:
You could move the rotation to the client by hashing the UUID with a timestamp of sufficiently coarse granularity (a week?) before submitting it. Then you make sure that all UUIDs submitted by a given machine during a given time window are the same, but UUIDs submitted in different windows are not related, and you don't have to trust the server to respect your privacy.
There are ways to link the new UUIDs to the old ones in many cases. This could be by looking at IP addresses in common, times of the requests, varients, repo(s) and possibly other characteristics of the requests. While a GUUID is in use it could be used to link IP, and time information with more certainty than you would otherwise. So this allows better tracking than if you just had to go by IP, time and other information in the requests.
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
