On 2022-07-23 21:24:38 (+0200), Kristian Klausen wrote:
The load aspect should be solvable, worst-case DevOps gets annoyed ;)
My main concern is putting ourselves in a position, where we know every arch installation, yes it is just the IP addresses, but still. At the same time it becomes easier to detect that a computer is running arch, by just look at the network traffic (yes you can already do that today, by checking if the computer is connecting to a arch mirror).
Maybe I'm blowing it out of proportion, but with our user base being more privacy aware than most people, I think it is worth mentioning.
Fair point, however, a similar concern was networkmanager doing a connectivity check [1]. It is up to us to configure our webserver accordingly and be as privacy conserving as possible. E.g. If we wanted to track users (which we don't), we could do so on a rudimentary basis now already by tracking downloads of packager keys. The Web Key Directory is a way more centralistic approach than e.g. SKS was, but we also have better control over how and what we provide there. Best, David [1] https://github.com/archlinux/svntogit-packages/blob/8bdf9488f2845cad52794589... -- https://sleepmap.de