Bug#943716: systemd: generates a directory name with the /etc/machine-id value, which is confidential

Michael Biebl biebl at debian.org
Tue Oct 29 07:25:51 GMT 2019


Am 29.10.2019 um 08:21 schrieb Michael Biebl:
> Am 29.10.2019 um 02:25 schrieb Vincent Lefevre:
> 
>> Note also that the same paragraph recommends to use a hash as a
>> stable unique identifier. But since this is meant to be stable
>> and unique, this would also allow the machine to be tracked if
>> such a hash is exposed on the network. So the reason you give
>> is obviously wrong.
> 
> This API (sd_id128_get_machine_app_specific) was added to selectively
> allow tracking (say for popcon like cases) but wouldn't allow to get the
> original machine-id.
> If you used the original machine-id for such a use case, it would mean
> you could correlate the data for other ussage scenarios as well, which
> could be problematic.
> 

https://lwn.net/Articles/776327/ , if you want to read more about it

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20191029/17d537a1/attachment.sig>


More information about the Pkg-systemd-maintainers mailing list