[Popcon-commits] cvs commit to popularity-contest by ballombe
popcon-commits@lists.alioth.debian.org
popcon-commits@lists.alioth.debian.org
Wed, 14 Apr 2004 16:01:15 -0600
Update of /cvsroot/popcon/popularity-contest
In directory haydn:/tmp/cvs-serv29579
Modified Files:
FAQ
Log Message:
Extent the FAQ about privacy consideration.
Index: FAQ
===================================================================
RCS file: /cvsroot/popcon/popularity-contest/FAQ,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -d -r1.1 -r1.2
--- FAQ 13 Apr 2004 22:06:31 -0000 1.1
+++ FAQ 14 Apr 2004 22:01:13 -0000 1.2
@@ -1,5 +1,40 @@
Popularity-contest Frequently Asked Questions.
+Q) What informations are reported by popularity-contest ?
+
+A) popularity-contest report the Debian architecture you use,
+ the Debian release and the list of packages installed on the
+ system with the most recent atime of important files in them
+ (mainly executable files).
+
+Q) What are the privacy consideration for popularity-contest ?
+
+A) Each popularity-contest host is identified by a random 128bit uuid
+ (MY_HOSTID in /etc/popularity-contest). This uuid is used to track
+ submission issued by the same host. It should be kept secret. The reports
+ are sent by email to the popcon server. The server automatically extract
+ the report from the email and store it in a database for a maximum of 20
+ days or until the host send a new report. This database is readable only by
+ Debian Developers. The emails are readable only by the server admins.
+ Every day, the server compute a summary and post it on
+ <http://popcon.debian.org/all-popcon-results.txt.gz>. This summary is a
+ merge of all the submissions and does not include uuids.
+
+ Known weakness of the system:
+
+ 1) Your email submission might be intercepted. We evaluate the possibility
+ to use public-key cryptography to protect the email.
+
+ 2) Someone who know you are very likely to use a particular package reported
+ by only one person (e.g. you are the maintainer) might infer you are not at
+ home when the package is not reported anymore. However this is only a
+ problem if you are gone for more than two weeks if the computer is shut-down
+ and 23 days if it is let idle.
+
+ 3) Unofficial and local packages are reported. This can be an issue
+ especially with 2) above, especially for custom-build kernel packages.
+ We are evaluating how far we can alleviate this problem.
+
Q) My submissions bounce with
550 [PERMFAIL] popcon.debian.org requires valid sender domain.