[Popcon-developers] Drop atime and ctime for privacy reasons possible?

[Bill Allombert]

On Sun, Oct 28, 2012 at 04:25:23PM +0000, adrelanos wrote:
> Bill Allombert:
> > On Sat, Oct 27, 2012 at 11:48:45PM +0000, adrelanos wrote:
> >> Bill Allombert:
> >>> On Sat, Oct 27, 2012 at 09:55:22AM +0000, adrelanos wrote:
> >>>> Paul Wise:
> >>>>> On Fri, Oct 26, 2012 at 6:37 PM, adrelanos wrote:
> >>>>>
> >>>>>> for privacy reasons.
> >>>>>
> >>>>> In addition, it would be great to see popcon.d.o switch to SSL to
> >> add privacy.
> >>>
> >>> I would rather use gpg.
> >>
> >> gpg is fine.
> >
> > Could you do some benchmark ?
> > - Generate a popcon report on a system with a large number of packages
> installed,
> > - Encrypt it with gpg --armor with some public key.
> > - Then decrypt it 1000 times with the matching private key.
> > - Compute time.
> > - Retry with a different keylength or algorithm.
> >
> > Cheers,
> 
> ~100 KiB popcon file encrypted with 4096/4096 gpg key.

What does mean 4096/4096 ? RSA 4096 ?
What symmetric encryption scheme is used?

> 100 times decrypted took 16 seconds inside a rather slow single core
> virtual machine.

popcon has to process at least 20000 report by day, so this means a time
closes to 1h, which is about the current time it takes, which is probably
acceptable.

> Test script:
> https://github.com/adrelanos/popcon-benchmark

Thanks for your work!

Cheers,
-- 
Bill. <ballombe at debian.org>

Imagine a large red swirl here.