On Mon, Jul 17, 2023 at 05:36:48AM +0000, nick wrote: > > I hadn't considered it in my other responses, but calling it --privacy > would be a bad idea for exactly the reasons you laid out. Calling it > --useless-time would be better. It might also be worth pointing out that someone still might be able to figure out information from when a branch gets pushed to a git repo. Even if the time in the timestamp is randomized, when someone sends a pull request to github is not going to be randomize. Or if someone pushes their branch to github, and github actions is set up to automatically kick off regression tests as soon as the branch changes, this can also leak information about when the push happened. There are also integration test systems, such as the gce-xfstests's lightweight test manager, which polls the branch every 15 minutes, and the moment the branch changes, tests immediately start running and the timestamp when the test was kicked off is encoded in the testrunid. Which is why, quite frankly, I'm a bit dubious about the whole "I must obfuscate the time zone from which I am operating", as something that's really worth the effort, since it has a lot of downsides, and if the user is not careful, they may end up leaking information about when they are active anyway.... - Ted
