On Mon, Jan 07, 2019 at 02:27:39PM -0600, Bruno Wolff III wrote:
Is this data only going to be sent to the metalink or do the mirrors
actually used, get the data?
That's a good question.
Is the data going to be sent along with requests to non-Fedora repos
(e.g. rpmfusion)?
Also a good question. The intent in any case is to share aggregate
information (in a way we don't currently), so third parties will benefit
from that even if they don't have their own counting.
This will make it much easier to spoof being lots of systems. Is
there some plan to mitigate this risk?
I guess I'm not super worried about that. We could probably add some
server-side heuristics to detect suspicious activity.
Is this going to turn on automatically for rawhide users?
I propose that it will at some point, yes. Perhaps a devel-announce post is
appropriate.
Is this going to happen on install or upgrade before there is a
chance to turn it off?
Maybe? Keep in mind that you are _already_ contacting the mirror systems
when installing or upgrading. Sending a random number once (or a few times,
even) does not seem particularly invasive.
For what it's worth, with Ubuntu's new opt-out info collection, they send a
pingback _when someone opts out_, so that they can get a sense of % of
people who make that choice. I'm not proposing that here, but... I think we
can be privacy sensitive without needing to over-design beyond reasonable
expectations. Again, especially given that software installed by default on
most Fedora installations does not have any strong restrictions.
Are the UUIDs going to be sanity checked so that NSFW UUIDs
don't
show up in reports?
You mean if someone sends a fake UUID rather than a genuine one? I don't
expect we'll actually present the UUIDs directly in reports. It does seem
reasonable to check that UUIDs actually match the expected format, which
should cut out most of that.
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader