[Popcon-developers] Bug#765315: please include /etc/debian_version in report
Joey Hess
joeyh at debian.org
Tue Oct 14 03:09:07 UTC 2014
Package: popularity-contest
Version: 1.61
Severity: normal
I use popcon data a lot for eg, tasksel, and often one is only
interested in data for unstable, or stable. But there's no good way to
separate those in the results. Instead, various workarounds have to be
used, like trying to tease out information about packages present in one
version of debian and not in the other.
So, could the release information please be included in the report?
Specifically just the name of the current release from
/etc/debian_version.
This is additional information about the system. However, there is very
little privacy invasion here, because the report already tends to
contain sufficient information to identify the version of debian used by
the system. Notably the version of popularity-contest that is installed,
and also many of the installed packages, which can be cross referenced
with the package lists to tell which suites the set could have come
from. So, an attacker who intercepts the report somehow can already work
this out heuristically, probably good enough for their nefarious
purposes.
Of course, once the release information is available in the popcon database,
the web interface can be updated to let it be used in queries. But
getting popcon collecting it is the first step.
(As a bonus it'll be easier to notice when ubuntu accidentially floods
debian's popcon with their user reports, as has happened once or twice
before.)
--
see shy jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/popcon-developers/attachments/20141013/af5f98d4/attachment.sig>
More information about the Popcon-developers
mailing list