Bug#943716: systemd: generates a directory name with the /etc/machine-id value, which is confidential
Michael Biebl
biebl at debian.org
Tue Oct 29 07:21:07 GMT 2019
Am 29.10.2019 um 02:25 schrieb Vincent Lefevre:
> Note also that the same paragraph recommends to use a hash as a
> stable unique identifier. But since this is meant to be stable
> and unique, this would also allow the machine to be tracked if
> such a hash is exposed on the network. So the reason you give
> is obviously wrong.
This API (sd_id128_get_machine_app_specific) was added to selectively
allow tracking (say for popcon like cases) but wouldn't allow to get the
original machine-id.
If you used the original machine-id for such a use case, it would mean
you could correlate the data for other ussage scenarios as well, which
could be problematic.
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20191029/8c11fccf/attachment.sig>
More information about the Pkg-systemd-maintainers
mailing list