On Mon, Nov 07, 2016 at 11:22:42PM +0100, Joerg Jaspert wrote: > No logging or name is needed, with the set of questions in this survey > one only needs a bit of knowledge of Debian and its people to identify a > high amount of the survey takers, I think. (I still took it)
This is becoming an FAQ, so let me address it here instead of just waiting for the blog post including its answer to be written. Yep, you're absolutely right. And this is in fact why we included in the survey announcement a promise to distribute the results only in aggregate form, because cross-referencing with Debian info it would be easy to deanonymize people. So the "thread model" here is not "untrusted/byzantine survey organizers" (if you don't trust the organizers you're probably screwed anyhow, as we could be lying about not logging IP address or HTTP referrers, after all). The "threat model" is rather: "untrusted readers of published survey *results*", which we will aggregate to avoid deanonymization. And of course all questions are optional, so if people fill itchy about specific ones, just leave them out. I'm available for further clarifications if needed, Cheers. -- Stefano Zacchiroli . z...@upsilon.cc . upsilon.cc/zack . . o . . . o . o Computer Science Professor . CTO Software Heritage . . . . . o . . . o o Former Debian Project Leader . OSI Board Director . . . o o o . . . o . « the first rule of tautology club is the first rule of tautology club »
