On Thu, Mar 27, 2025 at 08:46:53PM +0100, Simon Josefsson wrote:
> Bill Allombert <ballo...@debian.org> writes:
> 
> > Dear Debian developers,
> >
> > popularity-contest relies on /usr/bin/gpg for encrypting files.
> > (it cannot use gpgv which does not provide encryption).
> 
> Why does it need to encrypt data?
> 
> Can't we just send telemetry over https like everyone else?

No we cannot, because the client cannot check certificates, and the server
would be required to use a TLS library that supports all SSL/TLS protocols
that have been in use since 2013. For reference, we receive more than 6000
weekly submissions from systems that are still running jessie.

> I don't think the security properties of a popcon recipient PGP key and
> the WebPKI keys are all that different.  Both are keys held by others who
> users have little information about.  At least for WebPKI there are
> policies and transparency mechanisms in place, but for the Debian PGP keys
> we have none of that.  Which approach results in better outcome is
> probably a subjective opinion.

The public PGP key is shipped in the popularity-contest package.
This key is only used to send popcon reports, which are assumed to
be of moderate sensitivity only (otherwise, do not report!).
A copy of what has been sent is logged in /var/log/.

Any consideration of security needs to include the security of the server.

Cheers,
Bill.
