On 2022-07-23 21:24:38 (+0200), Kristian Klausen wrote: > The load aspect should be solvable, worst-case DevOps gets annoyed ;) > > My main concern is putting ourselves in a position, where we know > every arch installation, yes it is just the IP addresses, but still. > At the same time it becomes easier to detect that a computer is > running arch, by just look at the network traffic (yes you can already > do that today, by checking if the computer is connecting to a arch > mirror). > > Maybe I'm blowing it out of proportion, but with our user base being > more privacy aware than most people, I think it is worth mentioning.
Fair point, however, a similar concern was networkmanager doing a connectivity check [1]. It is up to us to configure our webserver accordingly and be as privacy conserving as possible. E.g. If we wanted to track users (which we don't), we could do so on a rudimentary basis now already by tracking downloads of packager keys. The Web Key Directory is a way more centralistic approach than e.g. SKS was, but we also have better control over how and what we provide there. Best, David [1] https://github.com/archlinux/svntogit-packages/blob/8bdf9488f2845cad527945898b5cb045a263a073/trunk/PKGBUILD#L121-L125 -- https://sleepmap.de
signature.asc
Description: PGP signature
