The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Central register of package use

On Sat, 1 Feb 1997, Jim Pick wrote:

>I agree.  And when the user selects it, the postinst script will display a
>warning, and prompt the user.  Also, the mail should be cc:'d to the system
>administrator.

Yup, agreed.

>Also, when the mail is sent to selections, it should not be made available
>to the public in such a way that someone can determine which packages are
>running on someone's system.  I think that could be a major security hole
>because "hackers" could just scan the listing for someone who has a
>vulnerable version of sendmail installed, for example.  

I was thinking of a script at the other end that will _only_ release
overall statistics about packages and will _not_ release details of
individual installations.

My total idea for the system would parse the mail something like:

Mail to selections@lists.debian.org with Subject line: $HOSTNAME
selections would be output to a file selections-$HOSTNAME. This means an
update will automatically replace the previous input from a given host.
The From: line might be extracted to another file so that logs can be kept
of who is using the system.

Also, any mail received at selections@lists.debian.org not conforming to a
set pattern will be bounced. No mail to selections will be able to elicit
a response giving somebody's answers. Any entries older than say, 3
months, will be deleted so we only have current package use documented.

Once per (day? hour?) a data collection script (trivial, awk or perl) is
run on the output files and its output is dumped into selections-results.

Mail to selections-results@lists.debian.org will return this output,
sorted either alphabetically by package or numerically by amount of
package use. A simple search interface could be provided so that details
of a certain package or packages can be extracted easily. In all cases,
the number of responses used to generate the output will be stated to
allow usage proportions to be checked.

Any more comments?

-- 
Steve McIntyre, stevem@chiark.greenend.org.uk The Unix world's best mod player
          <a href=http://www.chiark.greenend.org.uk/~stevem/mikmod/>MikMod</a>
"Can't keep my eyes from the circling sky,                 +------------------
"Tongue-tied & twisted, Just an earth-bound misfit, I..."  |Finger for PGP key


--
Please respect the confidentiality of material on the debian-private list.
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-REQUEST@lists.debian.org . Trouble? e-mail to Bruce@Pixar.com