Smolt and software information
nodata
lsof at nodata.co.uk
Fri Nov 9 17:29:31 UTC 2007
Am Freitag, den 09.11.2007, 12:18 -0500 schrieb Yaakov Nemoy:
> On Nov 9, 2007 11:53 AM, nodata <lsof at nodata.co.uk> wrote:
> > > 2) Are there any privacy concerns? Remember smolt is voluntary, and
> >
> > A loaded question!
> >
> > > so far we don't link any information to machines other than a single
> > > UUID that is privately stored.
> >
> > Sometimes it *is* useful to give out a smolt UUID to let someone (e.g. a
> > kernel developer) get at hardware information for a bug report. That's
> > okay. If you then "extended" smolt to give out more information (it
> > won't stop here btw), then some of those people won't provide that
> > information any more, unless they can choose which information they
> > send.
>
> We do know about some of the standing privacy concerns, but
> implementing the solutions is more a time issue. I have winter break
> from school in about six weeks, so I'll have a month of cold weather
> to inspire some good smolt hacking. Until then, I'm just going over
> an idea brought up.
>
> Access controls on the UUID script - Probably a trivial patch to make
> it root readable only. I should probably file a bug on it.
Done: https://bugzilla.redhat.com/show_bug.cgi?id=373211
>
> Selective information submission - Probably also a good idea, though
> the implementation is less than trivial.
>
> Giving out a secondary UUID that has access controls applied - In our
> bug reports, the solution is far from trivial, and the number one
> thing to do as soon as the semester is over.
>
> We're always listening for ideas about security and privacy, of
> course, if you have more good points. :)
>
> Cheers,
> Yaakov
>
More information about the devel
mailing list