Anonymized access log from a fedora mirror
Kevin Fenzi
kevin at scrye.com
Thu May 9 15:43:34 UTC 2013
On Mon, 6 May 2013 08:32:40 +0200
Lukas Zapletal <lzap at redhat.com> wrote:
> On Fri, May 03, 2013 at 03:30:39PM -0600, Kevin Fenzi wrote:
> > Right, but then this information is security sensitive...
> >
> > User installed httpd-x.y-Z on YYYY-MM-DD, but on looking you don't
> > see them installing the security update that was released after
> > that -> target.
> >
> > Or even, user installs foo, foo is insecure and is dropped from
> > fedora, you might know that they have it still installed and can
> > leverage that.
> >
> > Or you see that user does security updates every friday, so you know
> > they might be vulnerable thursdays.
> >
> > Also, you may see users install something, but we have no way of
> > knowing if they try it and hate it and remove it right after.
>
> All true, that's the reason why IP address will never be available
> from the data.
Sure, if you can see the anonized logs you can still figure out your IP
address hash easily, so that could allow you to see for example what
other people behind your same NAT/company are installing.
There's lots of weird corner cases here, which is why we decided it
wouldn't work last time we visited it. ;(
> > Also, the way our mirroring works, they can get the package from any
> > mirror at all, so we may not see patterns that are there if we could
> > see logs of all mirrors instead of just one.
>
> Yeah, I did not realized that - this is quite limiting. Taking NAT
> issue into account, I don't think anymore it is good source of
> data :-(
Yeah. ;(
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20130509/9e833d9c/attachment.sig>
More information about the infrastructure
mailing list