timedatectl Should Not be Enabled by Default: Privacy/Anonymity risks
intrigeri
intrigeri at debian.org
Mon Jul 27 08:55:56 BST 2015
Hi,
bancfc wrote (26 Jul 2015 18:19:59 GMT) :
> The research comes from WhonixOS a privacy centric distro like TAILS.
For the record, this does not imply any position from Tails regarding
this topic: the Tails threat model generally does not apply as-is
to Debian.
Also, it would be good to describe what exact threat model you see
timedatectl as a security/privacy problem, so Debian has the data to evaluate
if/how its default installation settings behave in that context:
looking at one single potential issue in isolation does not make much
sense to me, if there are potentially dozens of other ways for an
attacker to do what they want. Thanks in advance!
To end with, I'm wondering whether this email is really
about timesyncd.
Cheers,
--
intrigeri
More information about the Pkg-systemd-maintainers
mailing list