On Mon, Jan 07, 2019 at 04:36:38PM -0500, John Harris wrote:
My suggestion was not because of some fear that the machine ID would
leaked, but rather my personal opinion that this UUID should not be derived in
any way from the machine ID.
John, what's the concern there? I agree that it's a little more complicated
story to tell, but I think it's pretty reasonable to trust that it can't be
reversed in a useful way. Particularly, there are a lot easier ways for an
adversary to track a (still anonymous!) Fedora installation than this attack
vector, and the advantage (cleaned by standard image prep) is clear.
We need to first decide whether or not we want
containers and other declarative environments to be considered separate
Sorry, I'm not seeing the connection. Maybe it's just too late in the day.
Can you spell it out for me?
Fedora Project Leader