On Mon, Jan 07, 2019 at 02:27:39PM -0600, Bruno Wolff III wrote: > Is this data only going to be sent to the metalink or do the mirrors > actually used, get the data? That's a good question. > Is the data going to be sent along with requests to non-Fedora repos > (e.g. rpmfusion)? Also a good question. The intent in any case is to share aggregate information (in a way we don't currently), so third parties will benefit from that even if they don't have their own counting. > This will make it much easier to spoof being lots of systems. Is > there some plan to mitigate this risk? I guess I'm not super worried about that. We could probably add some server-side heuristics to detect suspicious activity. > Is this going to turn on automatically for rawhide users? I propose that it will at some point, yes. Perhaps a devel-announce post is appropriate. > Is this going to happen on install or upgrade before there is a > chance to turn it off? Maybe? Keep in mind that you are _already_ contacting the mirror systems when installing or upgrading. Sending a random number once (or a few times, even) does not seem particularly invasive. For what it's worth, with Ubuntu's new opt-out info collection, they send a pingback _when someone opts out_, so that they can get a sense of % of people who make that choice. I'm not proposing that here, but... I think we can be privacy sensitive without needing to over-design beyond reasonable expectations. Again, especially given that software installed by default on most Fedora installations does not have any strong restrictions. > Are the UUIDs going to be sanity checked so that NSFW UUIDs don't > show up in reports? You mean if someone sends a fake UUID rather than a genuine one? I don't expect we'll actually present the UUIDs directly in reports. It does seem reasonable to check that UUIDs actually match the expected format, which should cut out most of that. -- Matthew Miller <mattdm@xxxxxxxxxxxxxxxxx> Fedora Project Leader _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
