[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [OT] /etc/machine-id "must not be exposed in untrusted environments"

On Fri, 09 Aug 2019 at 12:17:13 -0400, Marvin Renich wrote:
> My point is that Debian as a distribution is used in a wide variety of
> use cases, from locked-down server to single-user desktop to multi-user
> application server (what used to be called time sharing).

If you're executing arbitrary code on a shared server, it seems a stretch
to say that you are entirely untrusted (and you probably know which
computer you are connecting to, so fingerprinting is somewhat irrelevant).

> If that sentence in the man
> page is aimed at application writers, then it should be reworded some.

I'm sure it could benefit from some rewording. I would recommend taking
that to https://github.com/systemd/systemd/issues - debian-devel is not
the place for this.

    smcv
Reply to: