On 2025-03-27 20:57:52 +0100 (+0100), Petter Reinholdtsen wrote:
[Simon Josefsson] > Why does it need to encrypt data?To protect the users privacy. > Can't we just send telemetry over https like everyone else?Not all popcon submissions go over https, the fallback mechanism is SMTP.
Also, OpenPGP encryption for the PopCon key means that you trust the handful of Debian project members and systems entrusted with access to that private key. Relying on HTTPS (SSL/TLS) means you're going to trust every organization who controls a CA in the root certificates list on your system as well as anyone/anything they might delegate wildcard records to (unless popularity-contest pins specific server certs, I haven't dug deep enough to know whether it does).
Not that I personally feel like my popcon data is so highly sensitive that I'm worried about random governments or organized crime^W^Wcorporate interests snooping it, but the distinction is significant. PGP and TLS are not even remotely similar models privacy-wise.
-- Jeremy Stanley
signature.asc
Description: PGP signature
