[Popcon-developers] Bug#880121: Bug#880121: Bug#880121: popularity-contest: popcon-upload should be made to POST over https
Bill Allombert
ballombe at debian.org
Thu Jan 4 10:59:44 UTC 2018
On Thu, Jan 04, 2018 at 11:26:49AM +0100, Mateusz Jończyk wrote:
> W dniu 04.01.2018 o 11:18, Bill Allombert pisze:
> > On Thu, Jan 04, 2018 at 10:54:42AM +0100, Mateusz Jończyk wrote:
> >> Hello,
> >> It is known that NSA was using error messages from Windows to check which
> >> software is installed on user computers and which software they can hack[1].
> >>
> >> So uploading a list of installed software over plaintext is dangerous.
> >
> > The list is not in plaintext. It is encrypted with GnuPG before being sent
> >
> > Cheers,
> >
> I'm sorry, but I have reviewed the source code and didn't find any place where
> it is encrypted with GPG.
> I have been browsing version 1.65 from buster.
<https://codesearch.debian.net/search?q=package%3Apopularity-contest+gpg>
first hit.
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
More information about the Popcon-developers
mailing list