> > Do we have a customer use case where a per-authority UUID is okay, but a > > per-image UUID isn't? > > I was anticipating some privacy concerns--there's no reason to allow > two separate publishers to get together to correlate your package > retrievals, or to allow someone to compel such correlation. By the > way, I think one of the assumptions above is that the IP address of a > client is unchanging. That's not true, in general.
I guess I asked this question obliquely. Is there a reason why a site that has privacy concerns, about correlation or otherwise, would allow a per-authority UUID instead of unsetting the UUID completely? Are users with privacy concerns actually going to make use of this feature, or will they simply want to disable the UUID for all authorities? -j _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
