On Mon, Jan 07, 2019 at 21:43:46 -0500,
Matthew Miller <mattdm(a)fedoraproject.org> wrote:
> On Mon, Jan 07, 2019 at 02:27:39PM -0600, Bruno Wolff III wrote:
> > Is this going to happen on install or upgrade before there is a
> > chance to turn it off?
> Maybe? Keep in mind that you are _already_ contacting the mirror systems
> when installing or upgrading. Sending a random number once (or a few times,
> even) does not seem particularly invasive.
I keep local mirrors of the particular versions and arches I use, so I
generally don't connect to Fedora repos on a per machine basis. But I
have only a few machines. I imagine there are some organizations where
this might also be the case. Probably not enough to care about from a
stats perspective and they probably aren't doing it for privacy reasons.
But it isn't guaranteed that installs and upgrades will need to connect
to Fedora infrastructure to access repos.
> > Are the UUIDs going to be sanity checked so that NSFW UUIDs
> > show up in reports?
> You mean if someone sends a fake UUID rather than a genuine one? I don't
> expect we'll actually present the UUIDs directly in reports. It does seem
> reasonable to check that UUIDs actually match the expected format, which
> should cut out most of that.
Yes I was thinking of fake ones. They might be ones intended to be disruptive
visually or someone may change their UUID every hour so that each dnf
contact is likely to have a different UUID. I don't know that this would
change the aggregate stats enough to care about.
The cost for pretending to be lots of machines is also reduced a lot in
this scheme over having to connect from lots of different IP addresses.
Though at some point spoofing too many would probably be considered
a denial of service attack and might get the perpetrator in legal trouble,
which might discourage people from doing that. If such an attack wasn't
noticed because of the request volume from a small number of IP addresses,
it might be possible to have a significant effect on the aggregate stats. So
it might be worth having some filters watching out for this kind of attack.
it might be worth having some filters watching out for this kind of attack.
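
The format check and the spoofing filter discussed in this thread, as an added example that is not part of the original messages and is not Fedora's code. The record layout, the per-address threshold and the sample data are assumptions constructed for illustration.

```python
import re
import uuid
from collections import defaultdict

# Canonical 8-4-4-4-12 hex layout; anything else is dropped before counting.
UUID_RE = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}")

# Assumed limit on distinct UUIDs one source address may report per window.
MAX_UUIDS_PER_IP = 3

def count_systems(records, max_per_ip=MAX_UUIDS_PER_IP):
    """records: (source_ip, uuid_string) pairs seen in one counting window.
    Returns (systems_counted, malformed_dropped, flagged_ips)."""
    per_ip = defaultdict(set)
    malformed = 0
    for ip, raw in records:
        value = raw.strip().lower()
        if not UUID_RE.fullmatch(value):
            malformed += 1          # never stored, so it cannot reach a report
            continue
        per_ip[ip].add(value)       # a set: repeat contacts count once
    # Addresses reporting too many distinct UUIDs are held out of the aggregate.
    flagged = {ip for ip, ids in per_ip.items() if len(ids) > max_per_ip}
    counted = set()
    for ip, ids in per_ip.items():
        if ip not in flagged:
            counted |= ids
    return len(counted), malformed, flagged

# Constructed sample records (documentation address ranges, made-up UUIDs).
SAMPLE = [
    ("192.0.2.10", "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b"),
    ("192.0.2.10", "3f2b8c1e-5d4a-4e6f-9a7b-0c1d2e3f4a5b"),   # same machine again
    ("192.0.2.11", "A1B2C3D4-E5F6-4789-8ABC-DEF012345678"),   # upper case is normalised
    ("192.0.2.12", "not-a-uuid-just-free-text"),              # fails the format check
] + [("198.51.100.7", str(uuid.UUID(int=i))) for i in range(1, 41)]  # 40 UUIDs, one address

if __name__ == "__main__":
    systems, malformed, flagged = count_systems(SAMPLE)
    print(f"systems={systems} malformed={malformed} flagged={sorted(flagged)}")
```

A site behind NAT or a proxy legitimately sends many UUIDs from one address, so the threshold trades undercounting such sites against letting a single source inflate the total.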