On Thu, May 09, 2013 at 10:43:34AM -0500, Kevin Fenzi wrote:
On Mon, 6 May 2013 08:32:40 +0200 Lukas Zapletal lzap@redhat.com wrote:
On Fri, May 03, 2013 at 03:30:39PM -0600, Kevin Fenzi wrote:
Right, but then this information is security sensitive...
User installed httpd-x.y-Z on YYYY-MM-DD, but on looking you don't see them installing the security update that was released after that -> target.
Or even, user installs foo, foo is insecure and is dropped from Fedora, you might know that they have it still installed and can leverage that.
Or you see that user does security updates every Friday, so you know they might be vulnerable Thursdays.
Also, you may see users install something, but we have no way of knowing if they try it and hate it and remove it right after.
All true, that's the reason why IP address will never be available from the data.
Sure, if you can see the anonymized logs you can still figure out your IP address hash easily, so that could allow you to see for example what other people behind your same NAT/company are installing.
There's lots of weird corner cases here, which is why we decided it wouldn't work last time we visited it. ;(
We could create our own mapping of {IP address : complete random value}, and then hash those random values, and give out the info that way. This solves the problem of reversing the simple {IP address : hash(IP address)} scheme.
It would require us to generate such a mapping, and keep it private, though.
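
An added example, not part of the original thread: a sketch of the two schemes discussed above, showing why a plain hash of the IP address can be recomputed by anyone while a privately held random mapping cannot. The function and class names, the choice of SHA-256, the 32-byte token size and the log line layout are assumptions made for illustration.

```python
import hashlib
import ipaddress
import secrets


def naive_pseudonym(ip):
    """The simple {IP : hash(IP)} scheme: anyone can recompute it."""
    return hashlib.sha256(ip.encode()).hexdigest()


def reverse_naive(target, network):
    """Recover the IP behind a naive pseudonym by hashing every candidate."""
    for host in ipaddress.ip_network(network).hosts():
        if naive_pseudonym(str(host)) == target:
            return str(host)
    return None


class PrivateMapping:
    """{IP : random value} table; only hash(random value) is published."""

    def __init__(self):
        self._table = {}  # must stay private on the log-processing host

    def pseudonym(self, ip):
        # Same IP -> same random token -> same pseudonym, so counts still work.
        token = self._table.setdefault(ip, secrets.token_bytes(32))
        return hashlib.sha256(token).hexdigest()


def anonymize(lines, mapping):
    """Replace the leading IP field of each log line with its pseudonym."""
    out = []
    for line in lines:
        ip, rest = line.split(" ", 1)
        out.append(f"{mapping.pseudonym(ip)[:16]} {rest}")
    return out


# Constructed sample log lines (documentation address ranges, not real data).
SAMPLE = [
    "192.0.2.17 2013-05-03 install httpd",
    "192.0.2.17 2013-05-10 update httpd",
    "198.51.100.4 2013-05-10 install foo",
]

if __name__ == "__main__":
    for line in anonymize(SAMPLE, PrivateMapping()):
        print(line)
```

The mapping only removes the recompute-and-compare step: records from one address still share a pseudonym, so the other concerns raised in the thread about what the per-address history reveals are unchanged.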