[Popcon-developers] To the maintainers of the Debian Package Popularity Contest

Subject: [Popcon-developers] To the maintainers of the Debian Package Popularity Contest
From: Bill.Allombert@math.u-bordeaux1.fr (Bill Allombert)
Date: Wed, 17 Nov 2010 11:20:57 +0100
Message-id: <[🔎] 20101117102057.GN9866@yellowpig>
In-reply-to: <[🔎] 20101116170445.20317876o32d57rw@webmail.telecom-bretagne.eu>
References: <[🔎] 20101116170445.20317876o32d57rw@webmail.telecom-bretagne.eu>

On Tue, Nov 16, 2010 at 05:04:45PM +0100, xu.zhang at telecom-bretagne.eu wrote:
> Hi,
> 
> I'm a phd student in the department of Computer Science at
> Telecom-Bretagne, France. I'm writing to ask for your help which
> will be greatly valuable for my research work.
> 
> The subject of my thesis is "a distributed package management
> network". Our project aims at constructing a decentralized
> infrastructure that facilitates the deployment and distribution of
> free software packages in the future Internet (just like what apt
> does today but in a fully-decentralized manner and with more concern
> on user-generated software).
> 
> In order to study the main properties of package distribution as
> well as to launch simulations, we are currently trying to collect
> trace data from individuals (ex: students in our school) who wish to
> provide information of their own systems (installed packages,
> version of each package, update history etc). However, it is very
> difficult for us to obtain anonymous data from a large scale,
> non-administered network. That's why the Debian Popularity Contest
> has greatly attracted our interest. So our request here is, could
> you please allow us to access your database which contains the raw
> data collected weekly? We promise that this data will only be used
> for research purpose. It will be very helpful for us to have this
> information. Pleas let us know if you have any question concerning
> our project. Thank you in advance.

Hello,

Sorry, we promised to popularity-contest users that the raw data will
be anonymised and that the non-agregated anonymised data will only be available
to Debian developers. 

Note that popularity-contest does not report the package version, and the
only information about update is that the package is marked "new".

There are various real security concerns with popularity-contest:
The list of packages might help an attacker find vulnerable software installed
on your system.  Someone can guess that you are in holiday from the report, etc.

Good luck with your project,

Cheers,
-- 
Bill. <ballombe at debian.org>

Imagine a large red swirl here.

Reply to:

References:
- [Popcon-developers] To the maintainers of the Debian Package Popularity Contest
  - From: xu.zhang at telecom-bretagne.eu (xu.zhang@telecom-bretagne.eu)

Prev by Date: [Popcon-developers] To the maintainers of the Debian Package Popularity Contest
Next by Date: [Popcon-developers] Bug#604449: [popularity-contest] updated level2 d-i Greek translation
Previous by thread: [Popcon-developers] To the maintainers of the Debian Package Popularity Contest
Next by thread: [Popcon-developers] Bug#604449: [popularity-contest] updated level2 d-i Greek translation
Index(es):
- Date
- Thread