Anonymized access log from a fedora mirror
Lukas Zapletal
lzap at redhat.com
Mon May 6 06:32:40 UTC 2013
On Fri, May 03, 2013 at 03:30:39PM -0600, Kevin Fenzi wrote:
> Right, but then this information is security sensitive...
>
> User installed httpd-x.y-Z on YYYY-MM-DD, but on looking you don't see
> them installing the security update that was released after that ->
> target.
>
> Or even, user installs foo, foo is insecure and is dropped from fedora,
> you might know that they have it still installed and can leverage that.
>
> Or you see that user does security updates every friday, so you know
> they might be vulnerable thursdays.
>
> Also, you may see users install something, but we have no way of
> knowing if they try it and hate it and remove it right after.
All true, that's the reason why IP address will never be available from
the data.
> Also, the way our mirroring works, they can get the package from any
> mirror at all, so we may not see patterns that are there if we could
> see logs of all mirrors instead of just one.
Yeah, I did not realized that - this is quite limiting. Taking NAT issue
into account, I don't think anymore it is good source of data :-(
--
Later,
Lukas "lzap" Zapletal
irc: lzap #theforeman
More information about the infrastructure
mailing list