On 2023-07-16 at 23:07:06, nick wrote: > nick wrote: > > The time zones reveal private information about developers and they > > don't even serve a use case, as far as I'm aware. A backwards-compatible > > way to solve this leak would be to convert timestamps to UTC by default > > and have a Git config option to revert back to the current behavior. > > Come to think of it, even if timezones were converted to UTC by default, > time of day would still leak information about a user's likely timezone. This is true. My .signature indicates where I'm located (which isn't a secret), but I have `TZ=UTC` set in my shell config. You'll notice that my timestamp is +0000 in all my commits. I keep a reasonably regular daytime schedule, so it's easy to tell what my hours are. > So based on that and keeping in mind Git's desire for strong > backwards-compatibility, I'm amending my proposal to just a standalone > Git option which would allow for forging timestamp and timezone > information, with timestamp information being forgeable to varying > degrees of granularity. One thing I've wanted Git to do (which I'm not sure is backwards compatible) is to set the timezone to -0000 (instead of +0000) to indicate that the user has intentionally refused to set the timezone, much like the equivalent syntax in RFC 5322. I think that's a fine choice for lots of reasons, but it prevents people from accidentally concluding that I live in Reykjavík and expecting a response from me when I'm actually in bed. I'd support a command-line and config option that did that, in addition to an option that adjusted the timezone. -- brian m. carlson (he/him or they/them) Toronto, Ontario, CA
Attachment:
signature.asc
Description: PGP signature
