Hi, On Thu, Oct 10, 2024 at 02:08:52PM -0400, Lee wrote: > On Thu, Oct 10, 2024 at 1:00 AM Jeffrey Walton wrote: > > > On Wed, Oct 9, 2024 at 7:40 PM Andy Smith wrote: > > > > [...] > > > > You can encrypt it but that requires (a) a conscious decision to do so, > > > > and (b) installing gnupg. > > > > > > Do you have a link to instructions for encrypting popcon traffic? > > > I've already got gnupg installed. > > > > popcon is encrypted by default as of version 1.60, assuming you have > > not changed the default setting. See <https://popcon.debian.org/FAQ>.
Ah! I haven't re-read that document in so long. I wish I could edit or delete my prior post now. > I suppose I'm depending on the Debian developers to patch all of the > known software security issues. > Any help on how to check that assumption? With these sorts of things there's not only the need to trust the organisation's competency and motives but also that they are only storing what they say they are storing, as a compromise gives the data to people with unknown motives. I don't know how you would check that they are not storing your IP address but only the anonymised id number. Still, I would be prepared to trust that Debian discards the IP address data very early on. Even so, this collection of packages and time of use of binaries is more data than a lot of places would be willing to authorise unless absolutely necessary. Thanks, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting
