Duncan Coutts wrote:
> On Sun, 2010-04-11 at 18:43 +0200, Maciej Piechotka wrote:
>>  - Privacy problem. I don't want the software to call home with data
>> without asking.
>
> Obviously it is important that the data be anonymous and that we do not
> send stuff without the user's knowledge. While there is not any directly
> identifying information in the existing anonymous build reports, one has
> to be very careful with how much access the server provides to the
> reports or it may become possible to infer identifying information.

One possibility for mitigating the issues here is to have cabal present the entire message to the user for scrubbing prior to being submitted,[1] similar to how version control systems generally provide a summary of the patch (albeit uneditable) when asking for a patch description.

That poses other problems (e.g., reports which are too incomplete to be helpful or which are intentionally erroneous), and doesn't cover everything (e.g., taking advantage of outside knowledge that Duncan is one of the few users on Sparc/Linux), but it helps to solve the declassification problem (i.e., what data the user is willing to reveal to the server).


[1] Ideally in a way which allows scripting the scrubbing so folks can just specify preferences once. If we wanted to keep things simple for the implementors, then hooking into $EDITOR and assuming folks know how to script their favorite editor is one approach. Otherwise we'll want a (E)DSL that can be specified in config files.

--
Live well,
~wren
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
