
PTS subscription exposure - looking for a fix



On Tue, Mar 02, 2010 at 11:08:16AM +0100, Gerfried Fuchs wrote:
>  As suggested by Lucas himself, I bring up this issue on the Debian
> project list. The context is that Lucas put up a new "service" and
> data collector in UDD that contains the PTS subscriptions. He announced
> it in his blog: <http://www.lucas-nussbaum.net/blog/?p=453>

I believe it is now clear from the thread that there are several people
who consider the current approach a privacy violation. That being clear
now, it is pretty pointless to continue finger pointing (that's not
targeted at Rhonda, it is a completely general comment).

I try to summarize here (my interpretation of) some of the points that
have been raised in a brief follow-up to this discussion that happened on
#debian-qa a few hours ago (sorry, I don't have logs).

- it is considered unacceptable to let non-DDs access the subscription
  information

- using hashes is not enough to solve that, as long as the hashes are
  computable by anyone

Lucas reported that in a past discussion with DSA, the possibility of
restricting access to specific tables, so that they are accessible only
by specific machines, was evaluated. If that were possible, we could
restrict access to the machine implementing the web interface to PTS
subscriptions [1], or any other DD-only service FWIW, and close access
to all guest accounts on alioth.debian.org (which is pretty much the
same as having public information, since everyone can get an account on
alioth).

Back then, such a solution was considered not feasible (that's what I've
been told), but I don't know the details. I'm hence copying the DSA list
to check whether we can re-evaluate the solution and/or learn more
details about that.

In general, I believe having a DD-restricted place which has privileged
access to UDD can be useful, as it will allow storing sensitive data
into UDD. That would for instance make it possible to do some "sensible"
QA work (a-la MIA), without disclosing data into the wild.

Cheers.

[1] Yes, the web interface would then need some form of authentication,
    but that's a different problem, let's go step-by-step, shall we?

-- 
Stefano Zacchiroli -o- PhD in Computer Science \ PostDoc @ Univ. Paris 7
zack@{upsilon.cc,pps.jussieu.fr,debian.org} -<>- http://upsilon.cc/zack/
Dietro un grande uomo c'è ..|  .  |. Et ne m'en veux pas si je te tutoie
sempre uno zaino ...........| ..: |.... Je dis tu à tous ceux que j'aime
