Hi, On Fri, Oct 11, 2024 at 9:25 PM Andy Smith wrote: > > Hi, > > On Thu, Oct 10, 2024 at 02:08:52PM -0400, Lee wrote: > > On Thu, Oct 10, 2024 at 1:00 AM Jeffrey Walton wrote: > > > > On Wed, Oct 9, 2024 at 7:40 PM Andy Smith wrote: > > > > > [...] > > > > > You can encrypt it but that requires (a) a conscious decision to do > > > > > so, > > > > > and (b) installing gnupg. > > > > > > > > Do you have a link to instructions for encrypting popcon traffic? > > > > I've already got gnupg installed. > > > > > > popcon is encrypted by default as of version 1.60, assuming you have > > > not changed the default setting. See <https://popcon.debian.org/FAQ>. > > Ah! I haven't re-read that document in so long. I wish I could edit or > delete my prior post now.
The bit with zless was worth the post. I'd been doing zcat foo.gz | more > > I suppose I'm depending on the Debian developers to patch all of the > > known software security issues. > > Any help on how to check that assumption? > > With these sorts of things there's not only the need to trust the > organisation's competency and motives but also that they are only > storing what they say they are storing, as a compromise gives the data > to people with unknown motives. I normally take the attitude that if they don't know it they can't spill it. Which can make for an interesting conversation when a doctor's office wants my SSN & I leave that bit of the form blank. But I'm not making any secret about what software I'm using, so even if popcon does spill some data it doesn't seem all that important to me. > I don't know how you would check that they are not storing your IP > address but only the anonymised id number. Still, I would be prepared to > trust that Debian discards the IP address data very early on. > > Even so, this collection of packages and time of use of binaries is more > data than a lot of places would be willing to authorise unless > absolutely necessary. I can sort of understand the thinking of "it's not worth the risk." But I'm hiding behind a firewall & I suspect my greatest risk is my use of firefox. I'm not all that worried about popcon. It is, at least theoretically, a risk. But it seems like a very small risk vs. what might be a bigger risk of whatever software I'm using being dropped from Debian. Thanks Lee
