Re: Unsolicited internet access in default installs (was: New service: https://debuginfod.debian.net)

To: debian-devel@lists.debian.org
Subject: Re: Unsolicited internet access in default installs (was: New service: https://debuginfod.debian.net)
From: "Steinar H. Gunderson" <sesse@debian.org>
Date: Sat, 27 Feb 2021 15:42:50 +0100
Message-id: <[🔎] 20210227144250.tqmxdf3ajx6jcmim@sesse.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 161443589236.58635.12422980351447594761@localhost>
References: <87r1l6jf4l.fsf@paluero> <[🔎] 157bf59b931f427647aeecfa281502ae55791b5e.camel@debian.org> <[🔎] 8886dcb8202a231f6ff0f442df039ca89e538a50.camel@debian.org> <87lfbd9pvk.fsf@redhat.com> <[🔎] 9e0482b65b1574bc0e093f3c21e347818590876c.camel@debian.org> <[🔎] 87ft1jg956.fsf@paluero> <[🔎] YDojTDReTKkaxnx3@roeckx.be> <[🔎] 20210227122934.GA2197@b-tk.org> <[🔎] 20210227124627.pcbtkahl67yzqu6g@sesse.net> <[🔎] 161443589236.58635.12422980351447594761@localhost>

On Sat, Feb 27, 2021 at 03:24:52PM +0100, Johannes Schauer Marin Rodrigues wrote:
> No idea why we are still asking whether popcon should be enabled or not because
> apparently it's 2021 and it's okay to tell others out there that I just
> installed Debian.

This is a strawman, though. popcon contains a persistent identifier; a random
HTTP request will not.

Furthermore, your machine will send out and answer various ICMP traffic, mDNS
stuff, multicast groups, CIFS name queries, etc. etc. etc. on whatever local
network it's connecting to. It's completely fine to limit the amount of
personal data we are divulging for no good reason, but machines don't live in
network silence. debuginfod is a genuinely useful service, will leak much
less information about what you've got installed than apt already does, and
we should not just block its use based on such a (non-)goal.

That being said, I would assume the logical thing to do is that gdb asks the
first time, and then remembers your choice.

/* Steinar */
-- 
Homepage: https://www.sesse.net/

Reply to:

References:
- Re: New service: https://debuginfod.debian.net
  - From: Ian Campbell <ijc@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: Ian Campbell <ijc@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: Ian Campbell <ijc@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: Sergio Durigan Junior <sergiodj@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: New service: https://debuginfod.debian.net
  - From: "Thaddeus H. Black" <thb@debian.org>
- Re: New service: https://debuginfod.debian.net
  - From: "Steinar H. Gunderson" <sesse@debian.org>
- Unsolicited internet access in default installs (was: New service: https://debuginfod.debian.net)
  - From: Johannes Schauer Marin Rodrigues <josch@debian.org>

Prev by Date: Unsolicited internet access in default installs (was: New service: https://debuginfod.debian.net)
Next by Date: Re: Unsolicited internet access in default installs (was: New service: https://debuginfod.debian.net)
Previous by thread: Unsolicited internet access in default installs (was: New service: https://debuginfod.debian.net)
Next by thread: Re: Unsolicited internet access in default installs (was: New service: https://debuginfod.debian.net)
Index(es):
- Date
- Thread