Re: popularity-contest and gpg
On Thu, Mar 27, 2025 at 08:46:53PM +0100, Simon Josefsson wrote:
> Bill Allombert <ballombe@debian.org> writes:
>
> > Dear Debian developpers,
> >
> > popularity-contest relies on /usr/bin/gpg for encrypting files.
> > (it cannot use gpgv which does not provide encryption).
>
> Why does it need to encrypt data?
>
> Can't we just send telemetry over https like everyone else?
No we cannot, because the client cannot check certificates, and the server
would be required to use a TLS library that support all SSL/TLS protocols
that have been in use since 2013. For reference, we receive more than 6000
weekly submissions from systems that are still running jessie.
> I don't think the security properties of a popcon recipient PGP key and
> the WebPKI keys is all that different. Both are keys held by others who
> users have little information about. At least for WebPKI there are
> policies and transparency mechanisms in place, but the Debian PGP keys
> we have none of that. Which approach results in better outcome is
> probably a subjective opinion.
The public PGP key is shipped in the popularity-contest package.
This key is only used to send popcon report, which are assumed to
be of moderate sensibility only (otherwise, do not report!).
A copy of what have been sent is logged in /var/log/.
Any consideration of security needs to include the security of the server.
Cheers,
Bill.
Reply to: