Jason Pyeron wrote:
>
> nick wrote:
> > Come to think of it, even if timezones were converted to UTC by default,
> > time of day would still leak information about a user's likely timezone.
>
> Discussed this with our policy wonks...
>
> Short answer - no. There is no legal assumption that can be made - your
> work hours cannot be assumed to be 9-5. They also said that time zone is
> "too broad at 1/24th of the world", but understood the concern.

An adversary may have other information which can be correlated with the
timestamps or timezone, making them less benign than in isolation.

> That being said the recommendation is to add --privacy

I'm not familiar with the processes here. Is it my responsibility to
implement it since I proposed it or who shall implement it?

> Where it assumes some defaults and those defaults can be controlled in
> your config or via --privacy=option1,option2
>
> And then some of the options can be:
>
> date-timezone=UTC
>
> date-precision=8hour

This sounds great. A few preliminary ideas on implementation:

- 'date-precision' must round the author AND committer timestamps otherwise it's useless
- 'date-precision' must round down, never into the future
- 'date-timezone' must convert the date from local time and not just replace the timezone

Any thoughts on making 'date-precision' also apply to GnuPG signature
timestamps? It's possible to specify a custom GnuPG command which does this
using gpg.program, but it's inconvenient. The relevant GnuPG option is
'--faked-system-time <epoch>!'

If that idea is no good, there should at least be a warning displayed when
the user signs anything with GnuPG with 'date-precision' enabled.

If that idea is good, then there should be a conditional check that the
rounding performed by 'date-precision' does not round down to before the
signing key was generated. Otherwise the signature will be invalid.
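
The following is an added example, not part of the message above and not Git's code: a Python sketch of the rules listed in the message (same rounded value for author and committer, round down only, convert from local time instead of relabelling, refuse a time older than the signing key). The function names, the sample time and the choice to raise an error when the rounded time predates the key are assumptions; GIT_AUTHOR_DATE and GIT_COMMITTER_DATE are Git's existing environment variables.

```python
from datetime import datetime, timedelta, timezone


def round_down(epoch: int, precision_hours: int) -> int:
    """Floor an epoch to a multiple of the precision; never moves forward."""
    step = precision_hours * 3600
    return epoch - (epoch % step)


def relabel_only(local_time: datetime) -> int:
    """The wrong approach: keep the wall-clock digits, swap the zone to UTC."""
    return int(local_time.replace(tzinfo=timezone.utc).timestamp())


def private_commit_dates(local_time: datetime, precision_hours: int = 8,
                         key_created_epoch=None) -> dict:
    """Build the values a 'date-timezone=UTC,date-precision=8hour' mode
    would hand to git and gpg (hypothetical helper)."""
    if local_time.tzinfo is None:
        raise ValueError("need an offset-aware local time to convert to UTC")
    # Convert: timestamp() is the absolute instant, so the local offset is
    # folded into the value rather than merely relabelled as +0000.
    rounded = round_down(int(local_time.timestamp()), precision_hours)
    # A signature dated before the key's creation would not verify.
    if key_created_epoch is not None and rounded < key_created_epoch:
        raise ValueError("rounded time predates signing key creation")
    stamp = f"{rounded} +0000"  # Git's raw "<epoch> <offset>" date format
    return {
        # Author AND committer get the same rounded value.
        "env": {"GIT_AUTHOR_DATE": stamp, "GIT_COMMITTER_DATE": stamp},
        # Extra arguments for a gpg.program wrapper, as named in the message.
        "gpg_args": ["--faked-system-time", f"{rounded}!"],
    }


# Constructed sample: 23:30 local time at UTC-7, i.e. 06:30 UTC the next day.
SAMPLE = datetime(2020, 3, 10, 23, 30, tzinfo=timezone(timedelta(hours=-7)))

if __name__ == "__main__":
    print(private_commit_dates(SAMPLE))
    # Relabelling shifts the instant by the full local offset (7 hours here).
    print(relabel_only(SAMPLE) - int(SAMPLE.timestamp()))
```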