[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Smolt and software information



On Nov 9, 2007 11:53 AM, nodata <lsof nodata co uk> wrote:
> > 2) Are there any privacy concerns?  Remember smolt is voluntary, and
>
> A loaded question!
>
> > so far we don't link any information to machines other than a single
> > UUID that is privately stored.
>
> Sometimes it *is* useful to give out a smolt UUID to let someone (e.g. a
> kernel developer) get at hardware information for a bug report. That's
> okay. If you then "extended" smolt to give out more information (it
> won't stop here btw), then some of those people won't provide that
> information any more, unless they can choose which information they
> send.

We do know about some of the standing privacy concerns, but
implementing the solutions is more a time issue.  I have winter break
from school in about six weeks, so I'll have a month of cold weather
to inspire some good smolt hacking.  Until then, I'm just going over
an idea brought up.

Access controls on the UUID script - Probably a trivial patch to make
it root readable only.  I should probably file a bug on it.

Selective information submission - Probably also a good idea, though
the implementation is less than trivial.

Giving out a secondary UUID that has access controls applied - In our
bug reports, the solution is far from trivial, and the number one
thing to do as soon as the semester is over.

We're always listening for ideas about security and privacy, of
course, if you have more good points. :)

Cheers,
Yaakov


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]