On Monday, January 14, 2019 6:48:47 PM EST Matthew Miller wrote:
> Merging Core and Extras into one thing was absolutely the
> right thing to do for the project, but not having a unique name for the
> resulting OS was a mistake and leads to this. Ah well.
In your opinion, is the purpose of the Fed
On Mon, Jan 14, 2019 at 09:12:51PM +0100, Kevin Kofler wrote:
> > It's not an artificial distinction. Editions are particular solutions
> > targeting particular key use cases identified by the Fedora Board (and now
> > Council). This is different from a desktop Spin, which is focused on
> > deliver
On Mon, Jan 14, 2019 at 6:20 PM wrote:
> On Mon, Jan 14, 2019 at 12:05 PM, John Harris
> wrote:
> > The easiest way to make any of the Spins more accessible, for them to
> > have any
> > chance comparable to the prominent advertising of Workstation and
> > similar
> > options, would be to make t
On Mon, Jan 14, 2019 at 12:05 PM, John Harris
wrote:
The easiest way to make any of the Spins more accessible, for them to
have any
chance comparable to the prominent advertising of Workstation and
similar
options, would be to make them more prominent on the "getfedora"
index. This
also have
Matthew Miller wrote:
> It's not an artificial distinction. Editions are particular solutions
> targeting particular key use cases identified by the Fedora Board (and now
> Council). This is different from a desktop Spin, which is focused on
> delivering that particular technology, or from Labs, wh
On Monday, January 14, 2019 12:56:30 PM EST Matthew Miller wrote:
> I think it's better to not focus so much on the central page or on the
> "getfedora" brochure site, and to instead make the page for each particular
> solution more useful and more discoverable.
The easiest way to make any of the
On Sun, Jan 13, 2019 at 02:15:19PM -0500, Stephen John Smoogen wrote:
> > Then can we change the title of the thread?
> Nico, you know this better than me. This is email not a forum. People can
> rename threads but depending on the email software it will just look like a
> completely different thre
On Sat, Jan 12, 2019 at 07:51:34PM +0100, Kevin Kofler wrote:
> I think John's statement was pretty clear: The artificial distinction
> between "Editions" and "Spins" needs to go away.
It's not an artificial distinction. Editions are particular solutions
targeting particular key use cases identif
On Sun, 13 Jan 2019 at 12:47, Nico Kadel-Garcia wrote:
> On Sun, Jan 13, 2019 at 11:54 AM Stephen John Smoogen
> wrote:
> >
> >
> >
> > On Sat, 12 Jan 2019 at 22:25, Nico Kadel-Garcia
> wrote:
> >>
> >> On Fri, Jan 11, 2019 at 4:37 PM Roberto Ragusa
> wrote:
> >> >
> >> > On 1/8/19 4:22 PM, Le
On Sat, Jan 12, 2019 at 07:51:34PM +0100, Kevin Kofler wrote:
> Stephen John Smoogen wrote:
> > Side note, I was at a loss of what you were getting at. There were several
> > ways it could be interpreted and has been used by people in the past to
> > mean different things.
>
> I think John's state
On Sun, Jan 13, 2019 at 11:54 AM Stephen John Smoogen wrote:
>
>
>
> On Sat, 12 Jan 2019 at 22:25, Nico Kadel-Garcia wrote:
>>
>> On Fri, Jan 11, 2019 at 4:37 PM Roberto Ragusa wrote:
>> >
>> > On 1/8/19 4:22 PM, Lennart Poettering wrote:
>> >
>> > > If all you want to do is count, then it shoul
On Sat, 12 Jan 2019 at 22:25, Nico Kadel-Garcia wrote:
> On Fri, Jan 11, 2019 at 4:37 PM Roberto Ragusa
> wrote:
> >
> > On 1/8/19 4:22 PM, Lennart Poettering wrote:
> >
> > > If all you want to do is count, then it should be entirely sufficient
> > > to do it like this:
> > >
> > >GET /meta
On 1/12/19 7:24 PM, Nico Kadel-Garcia wrote:
Writing this into the dnf behavior is typical, but i't's not
beneficial to the clients. It's beneficial to the mirrors, who are
likely to sell the data. While it may be that infamous problem, a
"Simple Matter Of Programming(tm)" to sanitize the data, t
On Fri, Jan 11, 2019 at 4:37 PM Roberto Ragusa wrote:
>
> On 1/8/19 4:22 PM, Lennart Poettering wrote:
>
> > If all you want to do is count, then it should be entirely sufficient
> > to do it like this:
> >
> >GET /metalink?repo=fedora-28&arch=x86_64&edition=&countme=1
> > HTTP/1.1
> >
> > th
Stephen John Smoogen wrote:
> Side note, I was at a loss of what you were getting at. There were several
> ways it could be interpreted and has been used by people in the past to
> mean different things.
I think John's statement was pretty clear: The artificial distinction
between "Editions" and
On Sat, 12 Jan 2019 at 04:37, John Harris wrote:
> On Saturday, January 12, 2019 2:27:33 AM EST Adam Williamson wrote:
> > Just as a note, Workstation isn't a spin, it's a Fedora Edition:
> >
> > https://fedoraproject.org/wiki/Editions
> >
> > framing it as if it's "just another spin" is a bit of
John Harris wrote:
> Really, the issue there is specifically that it isn't "just another spin",
+1
This pointless artificial distinction between "Editions" and "Spins" needs
to stop (because there is no technical difference whatsoever between the 2
concepts), as does the unfair advertising ("Ed
On Saturday, January 12, 2019 2:27:33 AM EST Adam Williamson wrote:
> Just as a note, Workstation isn't a spin, it's a Fedora Edition:
>
> https://fedoraproject.org/wiki/Editions
>
> framing it as if it's "just another spin" is a bit off. Its prominence
> is quite intentional and the whole Fedora
On Fri, 2019-01-11 at 18:48 -0500, John Harris wrote:
> On Friday, January 11, 2019 4:36:54 PM EST Roberto Ragusa wrote:
> > That is, apply the logic above only if(hash(machine_id)%1000==0)
> > (this becomes a poll instead of a referendum, results must then be
> > multiplied by 1000)
>
> If this i
On Friday, January 11, 2019 4:36:54 PM EST Roberto Ragusa wrote:
> That is, apply the logic above only if(hash(machine_id)%1000==0)
> (this becomes a poll instead of a referendum, results must then be
> multiplied by 1000)
If this is done, the likelyhood of invalid data for the given Spin is prett
On 1/8/19 4:22 PM, Lennart Poettering wrote:
> If all you want to do is count, then it should be entirely sufficient
> to do it like this:
>
>GET /metalink?repo=fedora-28&arch=x86_64&edition=&countme=1 HTTP/1.1
>
> the first time within each one-week window and a simple
>
>GET /metalink
On Mon, Jan 07, 2019 at 01:29:42PM -0500, Matthew Miller wrote:
> On Mon, Jan 07, 2019 at 12:30:53PM -0500, John Harris wrote:
> > > The Fedora community cares about privacy and is adverse to tracking
> > > measures. We don't want to track; just count.
> > If this is ever implemented, we should pro
On Tue, Jan 08, 2019 at 09:43:01AM +0100, Lennart Poettering wrote:
> Moreover, afair we install and enable NTP clients by default on all
> our installations, no? just like pretty much any other OS these days
> does... counting by NTP mostly just means switching from NTP pool
> servers to fedora's
On Wed, Jan 09, 2019 at 01:38:07PM +0100, Tomasz Torcz wrote:
> Nb. “UUID” sounds terribly technical. Can we use some term which
> is already known and understood by users, e.g. Advertising ID?
Well, it very much is not an "advertising ID", so not that.
But I think we're going to explore the no
On 1/9/19 4:45 AM, Nicolas Mailhot wrote:
Le 2019-01-08 18:13, Robert Marcano a écrit :
On 1/7/19 2:28 PM, Matthew Miller wrote:
On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
* The Fedora community cares about privacy and is adverse to tracking
measures. We don't want to
* Peter Robinson:
>> > Not if we don't keep them for long. One idea is to rotate them fairly
>> > frequently. But this is mostly a statement of intent and might be more
>> > about
>> > how we build the backend than about what we force in the client.
>>
>> My understanding is that the Fedora proje
On Wednesday, January 9, 2019 3:45:16 AM EST Nicolas Mailhot wrote:
> Le 2019-01-08 18:13, Robert Marcano a écrit :
>
> > On 1/7/19 2:28 PM, Matthew Miller wrote:
> >
> >> On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
> >>
> * The Fedora community cares about privacy a
On Tue, Jan 08, 2019 at 08:38:01PM +0100, Benjamin Berg wrote:
> > We can certainly implement a setup that does not collect or store the
> > UUID together with the IP address or timestamp. Send the UUID as a
> > HTTP header, don't log it, send the UUID off to a counting service
> > (*). If we make
Le 2019-01-08 18:13, Robert Marcano a écrit :
On 1/7/19 2:28 PM, Matthew Miller wrote:
On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
* The Fedora community cares about privacy and is adverse to
tracking
measures. We don't want to track; just count.
Uh, so what's the stor
On Tue, Jan 8, 2019 at 8:50 AM Matthew Miller wrote:
>
> On Tue, Jan 08, 2019 at 04:22:39PM +0100, Lennart Poettering wrote:
> > > The additional information could be
> > > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
> > > /metalink?repo=fedora-28&arch=x86_64&uuid=&edition=
> > > HTTP/1.1"
On Tue, 2019-01-08 at 09:59 -0500, Owen Taylor wrote:
> On Tue, Jan 8, 2019 at 7:17 AM Benjamin Berg wrote:
> > On Tue, 2019-01-08 at 12:33 +0100, Miroslav Suchý wrote:
> > > Dne 08. 01. 19 v 11:35 Nicolas Mailhot napsal(a):
> > > > *which* *do* *not* *permit* *or* *no* *longer* *permit* *the*
> >
On Tue, Jan 8, 2019, at 11:15 AM, Stephen Gallagher wrote:
> On Tue, Jan 8, 2019 at 10:50 AM Matthew Miller
> wrote:
> >
> > On Tue, Jan 08, 2019 at 04:22:39PM +0100, Lennart Poettering wrote:
> > > > The additional information could be
> > > > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
>
On 1/7/19 2:28 PM, Matthew Miller wrote:
On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
* The Fedora community cares about privacy and is adverse to tracking
measures. We don't want to track; just count.
Uh, so what's the story there? i mean, if you pass over the uuid you
m
On Tue, Jan 8, 2019 at 11:42 AM Benjamin Berg wrote:
>
> Hi,
>
> On Tue, 2019-01-08 at 10:49 -0500, Matthew Miller wrote:
> > On Tue, Jan 08, 2019 at 04:22:39PM +0100, Lennart Poettering wrote:
> > > > The additional information could be
> > > > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
>
Hi,
On Tue, 2019-01-08 at 10:49 -0500, Matthew Miller wrote:
> On Tue, Jan 08, 2019 at 04:22:39PM +0100, Lennart Poettering wrote:
> > > The additional information could be
> > > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
> > > /metalink?repo=fedora-28&arch=x86_64&uuid=&edition=
> > > HTTP
On Tue, 8 Jan 2019 at 00:30, Christopher Tubbs
wrote:
> A few concerns/comments (inline):
>
> > === The problem ===
> >
> > * A. Currently, we can only count Fedora OS use by observing IP
> > addresses. This is subject to undercounting due to NAT — and to
> > overcounting due to short DHCP leases
On Tue, Jan 8, 2019 at 10:50 AM Matthew Miller wrote:
>
> On Tue, Jan 08, 2019 at 04:22:39PM +0100, Lennart Poettering wrote:
> > > The additional information could be
> > > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
> > > /metalink?repo=fedora-28&arch=x86_64&uuid=&edition=
> > > HTTP/1.1"
On Tue, Jan 08, 2019 at 04:25:25PM +0100, Lennart Poettering wrote:
> And let me also stress that if you do it this way there's a better
> chance that people will leave this on, since you won't raise red flags
> all over the place that you can track individual users with this.
Yeah, absolutely!
-
On Tue, Jan 08, 2019 at 04:22:39PM +0100, Lennart Poettering wrote:
> > The additional information could be
> > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
> > /metalink?repo=fedora-28&arch=x86_64&uuid=&edition=
> > HTTP/1.1" 200 62200 "-" "dnf/2.7.5"
> If all you want to do is count, then i
On Di, 08.01.19 16:22, Lennart Poettering (mzerq...@0pointer.de) wrote:
> On Di, 08.01.19 07:49, Stephen John Smoogen (smo...@gmail.com) wrote:
>
> > The additional information could be
> >
> > 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
> > /metalink?repo=fedora-28&arch=x86_64&uuid=&editio
On Di, 08.01.19 07:49, Stephen John Smoogen (smo...@gmail.com) wrote:
> The additional information could be
>
> 10.5.124.209 - - [31/Dec/2018:09:07:21 +] "GET
> /metalink?repo=fedora-28&arch=x86_64&uuid=&edition=
> HTTP/1.1" 200 62200 "-" "dnf/2.7.5"
If all you want to do is count, then it sh
On Tue, Jan 8, 2019 at 7:17 AM Benjamin Berg wrote:
>
> On Tue, 2019-01-08 at 12:33 +0100, Miroslav Suchý wrote:
> > Dne 08. 01. 19 v 11:35 Nicolas Mailhot napsal(a):
> > > *which* *do* *not* *permit* *or* *no* *longer* *permit* *the*
> > > *identification* *of* *data* *subjects*
> >
> > How do yo
On Tue, 8 Jan 2019 at 06:23, Miroslav Suchý wrote:
>
> Dne 08. 01. 19 v 11:14 Reindl Harald napsal(a):
> > but the UUID is sent over TCP and so you receive the current IP at the
> > same time with the UUID and that way you can even pofile how that
> > machine is moved around the country
>
> But it
On Tue, 8 Jan 2019 at 03:43, Lennart Poettering wrote:
>
> On Mo, 07.01.19 16:58, Stephen John Smoogen (smo...@gmail.com) wrote:
>
> > > I wonder if it is worth introducing an entirely new tracking concept
> > > here if you actually don't want to track but just count. The NTP
> > > approach has th
On Tue, Jan 08, 2019 at 09:30:56AM +0100, Miroslav Suchý wrote:
> How Mock should handle this? DNF executed by Mock cannot send VERSION_ID
> and VARIANT_ID of chroot(ed) environment because they are not know yet.
> I think the question in general is - how to put tracking of build systems
> aside?
Le 2019-01-08 13:42, Kevin Kofler a écrit :
Nicolas Mailhot wrote:
1. it needs to be opt-out not opt-in (ie an explicit question in the
installer, with no tracking unless the user says yes)
I think you mean "opt-in not opt-out". (At least, that's what your
explanation in the parentheses descri
On Mon, 7 Jan 2019 at 22:47, Kevin Kofler wrote:
>
> Matthew Miller wrote:
> > Since there is no personal information attached, I don't see how on the
> > face of it this is a privacy violation. I want to take this concern
> > seriously, but I need more to go on than "this is inherent". Can you
>
Nicolas Mailhot wrote:
> 1. it needs to be opt-out not opt-in (ie an explicit question in the
> installer, with no tracking unless the user says yes)
I think you mean "opt-in not opt-out". (At least, that's what your
explanation in the parentheses describes.)
Other than that apparent typo, I ent
Le 2019-01-08 12:33, Miroslav Suchý a écrit :
Dne 08. 01. 19 v 11:35 Nicolas Mailhot napsal(a):
*which* *do* *not* *permit* *or* *no* *longer* *permit* *the*
*identification* *of* *data* *subjects*
How do you identify data subject solely on UUID?
Art 26 makes it pretty clear that reversing m
On Tue, 2019-01-08 at 12:33 +0100, Miroslav Suchý wrote:
> Dne 08. 01. 19 v 11:35 Nicolas Mailhot napsal(a):
> > *which* *do* *not* *permit* *or* *no* *longer* *permit* *the*
> > *identification* *of* *data* *subjects*
>
> How do you identify data subject solely on UUID?
You also inherently colle
Dne 08. 01. 19 v 11:35 Nicolas Mailhot napsal(a):
> *which* *do* *not* *permit* *or* *no* *longer* *permit* *the*
> *identification* *of* *data* *subjects*
How do you identify data subject solely on UUID?
Miroslav
___
devel mailing list -- devel@lists.
On 1/8/19 1:06 PM, Peter Robinson wrote:
Dne 08. 01. 19 v 10:10 Zbigniew Jędrzejewski-Szmek napsal(a):
I an IP address qualifies as "personal data", then an installation UUID does
too.
IANAL but I disagree. With IP address, I can very easily guess your
town/village. With more effort I can tr
Dne 08. 01. 19 v 11:14 Reindl Harald napsal(a):
> but the UUID is sent over TCP and so you receive the current IP at the
> same time with the UUID and that way you can even pofile how that
> machine is moved around the country
But it is not - or to be precise - will not be stored as couple, so thi
> Dne 08. 01. 19 v 10:10 Zbigniew Jędrzejewski-Szmek napsal(a):
> > I an IP address qualifies as "personal data", then an installation UUID
> > does too.
>
> IANAL but I disagree. With IP address, I can very easily guess your
> town/village. With more effort I can track you to
> individual house
On 08/01/2019 10:38, Lennart Poettering wrote:
Also, you want to use standard primitives, and a HMAC is one that is
designed for purposes like this. For the reasons why a HMAC is
constructed the way it is, read the wikipedia page.
Well it's constructed the way it is (as wikipedia explains) to
On Di, 08.01.19 10:11, Richard Hughes (hughsi...@gmail.com) wrote:
> On Tue, 8 Jan 2019 at 08:57, Lennart Poettering wrote:
> > Yes, Tom's proposal makes sense. Calculate the UUID you submit as
> > HMAC(machined_id, CONCAT(fixedappuuid, unixtime/432000))
>
> Out of interest, how is using a HMAC
Le 2019-01-08 11:17, Miroslav Suchý a écrit :
Dne 08. 01. 19 v 11:04 Miroslav Suchý napsal(a):
IANAL but I disagree. With IP address, I can very easily guess your
town/village. With more effort I can track you to
individual house and individual device.
You cannot say the same about UUID.
I ju
Dne 08. 01. 19 v 11:04 Miroslav Suchý napsal(a):
> IANAL but I disagree. With IP address, I can very easily guess your
> town/village. With more effort I can track you to
> individual house and individual device.
> You cannot say the same about UUID.
I just checked and UUID is definitelly under ‘
On Tue, 8 Jan 2019 at 08:57, Lennart Poettering wrote:
> Yes, Tom's proposal makes sense. Calculate the UUID you submit as
> HMAC(machined_id, CONCAT(fixedappuuid, unixtime/432000))
Out of interest, how is using a HMAC different to just using the
machine-id appended with a salt, sha256'd?
Rich
Hi,
On Tue, 2019-01-08 at 10:06 +0100, Nicolas Mailhot wrote:
> You can turn it all the way you like getting accurate counts means
> disambiguating systems which means tracking, regardless if you do it
> in a central way or via system agents.
No, you do not need to track individual machines.
As
Dne 08. 01. 19 v 10:10 Zbigniew Jędrzejewski-Szmek napsal(a):
> I an IP address qualifies as "personal data", then an installation UUID does
> too.
IANAL but I disagree. With IP address, I can very easily guess your
town/village. With more effort I can track you to
individual house and individua
Le 2019-01-08 04:00, Matthew Miller a écrit :
On Mon, Jan 07, 2019 at 11:09:48PM +0100, Kevin Kofler wrote:
Please no! This is an inherent privacy violation. I hate software
doing this
and I always opt out of it. I find it especially worrying that Free
Software
is now doing this more and more
On Mon, Jan 07, 2019 at 10:00:25PM -0500, Matthew Miller wrote:
> On Mon, Jan 07, 2019 at 11:09:48PM +0100, Kevin Kofler wrote:
> > Please no! This is an inherent privacy violation. I hate software doing
> > this
> > and I always opt out of it. I find it especially worrying that Free
> > Softwar
Le 2019-01-07 23:44, John Harris a écrit :
On Monday, January 7, 2019 5:20:55 PM EST Bruno Wolff III wrote:
On Mon, Jan 07, 2019 at 22:54:46 +0100, Tom Gundersen
wrote:
So this allows better tracking than if you just had to go by IP, time
and
other information in the requests.
Keep in min
On Mo, 07.01.19 22:54, Tom Gundersen (t...@jklm.no) wrote:
> On Mon, Jan 7, 2019, 7:31 PM Matthew Miller
> wrote:
>
> > On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
> > > > * The Fedora community cares about privacy and is adverse to tracking
> > > > measures. We don't want
On Mo, 07.01.19 16:58, Stephen John Smoogen (smo...@gmail.com) wrote:
> > I wonder if it is worth introducing an entirely new tracking concept
> > here if you actually don't want to track but just count. The NTP
> > approach has the benefit that you introduce no new tracking concept at
> > all, bu
> > Not if we don't keep them for long. One idea is to rotate them fairly
> > frequently. But this is mostly a statement of intent and might be more about
> > how we build the backend than about what we force in the client.
>
> My understanding is that the Fedora project does not control how much
>
Dne 07. 01. 19 v 17:34 Ben Cotton napsal(a):
> * We need to be able to distinguish between short-lived instances
> (like temporary containers or test machines) and actual installations.
How Mock should handle this? DNF executed by Mock cannot send VERSION_ID and
VARIANT_ID of chroot(ed) environme
* Matthew Miller:
> Not if we don't keep them for long. One idea is to rotate them fairly
> frequently. But this is mostly a statement of intent and might be more about
> how we build the backend than about what we force in the client.
My understanding is that the Fedora project does not control
On Mon, Jan 07, 2019 at 22:00:25 -0500,
Matthew Miller wrote:
Since there is no personal information attached, I don't see how on the face
of it this is a privacy violation. I want to take this concern seriously,
but I need more to go on than "this is inherent". Can you elaborate?
From the u
On Tue, Jan 08, 2019 at 00:44:26 -0500,
John Harris wrote:
On Tuesday, January 8, 2019 12:32:45 AM EST Bruno Wolff III wrote:
The cost for pretending to be lots of machines is also reduced a lot in
this scheme over having to connect from lots of different IP addresses.
Though at some point spo
On Tuesday, January 8, 2019 12:32:45 AM EST Bruno Wolff III wrote:
> The cost for pretending to be lots of machines is also reduced a lot in
> this scheme over having to connect from lots of different IP addresses.
> Though at some point spoofing too many would probably be considered
> a denial
On Mon, Jan 07, 2019 at 21:43:46 -0500,
Matthew Miller wrote:
On Mon, Jan 07, 2019 at 02:27:39PM -0600, Bruno Wolff III wrote:
Is this going to happen on install or upgrade before there is a
chance to turn it off?
Maybe? Keep in mind that you are _already_ contacting the mirror systems
when
A few concerns/comments (inline):
> === The problem ===
>
> * A. Currently, we can only count Fedora OS use by observing IP
> addresses. This is subject to undercounting due to NAT — and to
> overcounting due to short DHCP leases and laptops moving between work
> or school and home or coffee shop
> > Since there is no personal information attached, I don't see how on the
> > face of it this is a privacy violation. I want to take this concern
> > seriously, but I need more to go on than "this is inherent". Can you
> > elaborate?
>
> I detailed it further down my message: my concern is that t
Matthew Miller wrote:
> Since there is no personal information attached, I don't see how on the
> face of it this is a privacy violation. I want to take this concern
> seriously, but I need more to go on than "this is inherent". Can you
> elaborate?
I detailed it further down my message: my concer
On Mon, Jan 07, 2019 at 11:09:48PM +0100, Kevin Kofler wrote:
> Please no! This is an inherent privacy violation. I hate software doing this
> and I always opt out of it. I find it especially worrying that Free Software
> is now doing this more and more often, this used to be something only
> pr
On Mon, Jan 07, 2019 at 04:06:52PM -0600, Bruno Wolff III wrote:
> >I have to say that I actually disagree with this. It is possible that Fedora
> >Remixes could send the variant as being the name of their Remix. While my
> >Remix wouldn't do this (it is privacy oriented, and ensures only free
> >s
On Mon, Jan 07, 2019 at 02:27:39PM -0600, Bruno Wolff III wrote:
> Is this data only going to be sent to the metalink or do the mirrors
> actually used, get the data?
That's a good question.
> Is the data going to be sent along with requests to non-Fedora repos
> (e.g. rpmfusion)?
Also a good qu
On Mon, Jan 07, 2019 at 04:36:38PM -0500, John Harris wrote:
> My suggestion was not because of some fear that the machine ID would be
> leaked, but rather my personal opinion that this UUID should not be derived
> in
> any way from the machine ID.
John, what's the concern there? I agree that
On Mon, Jan 07, 2019 at 17:44:59 -0500,
John Harris wrote:
We don't need to be thinking of more things to track about the user, but ways
to prevent tracking and still get the counts the Council wants.
There are two mutually opposed sides here. The users need to consider how they
might be at
On Monday, January 7, 2019 5:20:55 PM EST Bruno Wolff III wrote:
> On Mon, Jan 07, 2019 at 22:54:46 +0100, Tom Gundersen wrote:
>
> So this allows better tracking than if you just had to go by IP, time and
> other information in the requests.
Keep in mind that we do not want tracking, at all. Ju
On Mon, Jan 07, 2019 at 22:54:46 +0100,
Tom Gundersen wrote:
You could move the rotation to the client by hashing the UUID with a
timestamp of sufficiently coarse granularity (a week?) before submitting it.
Then you make sure that all UUIDs submitted by a given machine during a
given time wind
On Mon, Jan 07, 2019 at 17:04:11 -0500,
John Harris wrote:
On Monday, January 7, 2019 5:00:48 PM EST Stephen Gallagher wrote:
I think the only useful data we could get from unknown variants would
be "the number of times we see an unknown variant". So I think
throwing it away and just increment
Ben Cotton wrote:
> systems, but a quick thing we can do is implement a per-system UUID
> (unique identifier) and count that instead of IP addresses.
Please no! This is an inherent privacy violation. I hate software doing this
and I always opt out of it. I find it especially worrying that Free So
On Monday, January 7, 2019 5:00:48 PM EST Stephen Gallagher wrote:
> I think the only useful data we could get from unknown variants would
> be "the number of times we see an unknown variant". So I think
> throwing it away and just incrementing a counter of "the number of
> times people have tried
On Mon, Jan 7, 2019 at 4:55 PM Bruno Wolff III wrote:
>
> On Mon, Jan 07, 2019 at 16:41:46 -0500,
> John Harris wrote:
> >On Monday, January 7, 2019 4:31:29 PM EST Bruno Wolff III wrote:
> >> If the strings aren't checked when they are received, they could be
> >> anything.
> >> The system var
On Mon, 7 Jan 2019 at 15:34, Lennart Poettering wrote:
>
> On Mo, 07.01.19 13:28, Matthew Miller (mat...@fedoraproject.org) wrote:
>
> > On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
> > > > * The Fedora community cares about privacy and is adverse to tracking
> > > > measure
On Mon, Jan 7, 2019, 7:31 PM Matthew Miller
wrote:
> On Mon, Jan 07, 2019 at 06:24:14PM +0100, Lennart Poettering wrote:
> > > * The Fedora community cares about privacy and is adverse to tracking
> > > measures. We don't want to track; just count.
> > Uh, so what's the story there? i mean, if yo
On Mon, Jan 07, 2019 at 16:41:46 -0500,
John Harris wrote:
On Monday, January 7, 2019 4:31:29 PM EST Bruno Wolff III wrote:
If the strings aren't checked when they are received, they could be
anything.
The system varient also has the same issue. You shouldn't trust
the clients supplying this
On Monday, January 7, 2019 4:31:29 PM EST Bruno Wolff III wrote:
> If the strings aren't checked when they are received, they could be
> anything.
> The system varient also has the same issue. You shouldn't trust
> the clients supplying this information.
If we are just using this UUID to count m
On Monday, January 7, 2019 4:29:02 PM EST Zbigniew Jędrzejewski-Szmek wrote:
> If the sd_id128_get_machine_app_specific/... mechanism is used, this
> could be added to previous releases in a dnf update. This is an additional
> advantage over having a indepdent uuid for this.
If we do go forward wi
On Mon, Jan 07, 2019 at 16:00:46 -0500,
John Harris wrote:
On Monday, January 7, 2019 3:27:39 PM EST Bruno Wolff III wrote:
Are the UUIDs going to be sanity checked so that NSFW UUIDs don't show up
in reports?
I don't see how a UUID could possibly be NSFW, or why UUIDs would ever be
included
Lennart Poettering wrote:
> BTW, iirc intel used to count installations through the http ping
> check in their captive portal detection. Fedora runs a similar service
> which is used by NM, no? maybe that's a nicer solution too: add a http
> header field to the ping check that each client sets to "
On Monday, January 7, 2019 4:32:04 PM EST Lennart Poettering wrote:
> On Mo, 07.01.19 16:04, John Harris (joh...@splentity.com) wrote:
>
>
> > On Monday, January 7, 2019 3:18:10 PM EST Lennart Poettering wrote:
> >
> > > hence my recommendation to derive the any uuid for purposes like this
> > >
On Mo, 07.01.19 16:04, John Harris (joh...@splentity.com) wrote:
> On Monday, January 7, 2019 3:18:10 PM EST Lennart Poettering wrote:
> > hence my recommendation to derive the any uuid for purposes like this
> > from /etc/machine-id, by using a HMAC of some kind (see other mail).
>
> I really don
On Mon, Jan 07, 2019 at 11:34:47AM -0500, Ben Cotton wrote:
> == Summary ==
> Right now, we estimate installed Fedora systems by counting unique IP
> addresses which show up in our updates mirror statistics. We need
> better data than that. There are some proposals for more complicated
> systems, b
On Mon, Jan 07, 2019 at 04:04:24PM -0500, John Harris wrote:
> On Monday, January 7, 2019 3:18:10 PM EST Lennart Poettering wrote:
> > hence my recommendation to derive the any uuid for purposes like this
> > from /etc/machine-id, by using a HMAC of some kind (see other mail).
>
> I really don't t
On Mon, 7 Jan 2019 at 15:19, Lennart Poettering wrote:
>
> On Mo, 07.01.19 13:32, Stephen John Smoogen (smo...@gmail.com) wrote:
>
> > On Mon, 7 Jan 2019 at 12:32, John Harris wrote:
> > >
> > > On Monday, January 7, 2019 11:34:47 AM EST Ben Cotton wrote:
> > > > The Fedora community cares about
On Monday, January 7, 2019 3:18:10 PM EST Lennart Poettering wrote:
> hence my recommendation to derive the any uuid for purposes like this
> from /etc/machine-id, by using a HMAC of some kind (see other mail).
I really don't think that this should be derived in any way from a machine id,
if it r
1 - 100 of 117 matches
Mail list logo
