On Sun, Dec 30, 2018 at 01:37:26PM -0700, Theo de Raadt wrote: > That's a big step you are taking there > > "ldattach -t nmea" was written to extract time information for ntpd. > > It was not written to extract any other information. > > Until you came up with a diff which extracts other information. > > The time information was not privacy sensitive, so the previous design > of exporting to all processes via sysctl was acceptable. However now > there is privacy sensitive information, and sysctl export to all processes > seems unsuitable.
seems this 'position' has changed over the years... ---------------------------- revision 1.37 date: 2010/04/21 23:43:39; author: sthen; state: Exp; lines: +63 -52; Provide nmea(4) position information using the new angle sensor type. Use SENSOR_FINVALID until we have good data, suggested by deraadt@ "i am happy" deraadt@ ---------------------------- revision 1.30 date: 2008/07/22 06:06:47; author: mbalmer; state: Exp; lines: +13-8; deactivate the code to display location in the sensor description ---------------------------- revision 1.28 date: 2008/07/06 21:03:13; author: mbalmer; state: Exp; lines: +58-1; Add the position to the sensor description. discussed with otto, sthen, ckuethe. ok otto ---------------------------- the position information is public *right now* (and since 8 years) if you plug an nmea(4) device with ldattach to use it as a timedelta source. > > This is imo orthogonal to the privacy discussion, and i personally have > > no plans to dig into adding knobs for restricting/allowing fine-grained > > access to devices. > > So you have no plans to address the privacy concerns? Personally, no. But i'll welcome and test diffs from anyone who has serious concerns about it, and actual plans to improve the current situation.
