Browse Source

popularity-contest: Truncate time to multiple of 12 hours

This does not make any practical difference for the vote computation
while it increases privacy by not publishing the exact time.
suites/ascii
Bill Allombert 9 years ago
parent
commit
ea05f95b4a
  1. 3
      FAQ
  2. 3
      debian/changelog
  3. 16
      popularity-contest

3
FAQ

@ -7,7 +7,8 @@ A) popularity-contest reports the system vendor [1], the system architecture
installed on your system. For each package, popularity-contest looks at the
most recently used (based on atime) files, and reports the filename, its
last access time (atime) and last change time (ctime). However, some files
are not considered, because they have unreliable atime.
are not considered, because they have unreliable atime. For privacy reasons,
the times are truncated to multiple of twelve hours.
[1] i.e. the dpkg Vendor field, see dpkg-vendor(1).

3
debian/changelog

@ -23,6 +23,9 @@ popularity-contest (1.58) UNRELEASED; urgency=low
- Accept encrypted report.
+ examples/bin/prepop.pl, examples/bin/popcon-process.sh
- Add support for decrypting encrypted report
* popularity-contest:
- truncate reported atime and ctime to multiple of 12 hours to reduce
information leak. Closes: #707951 Thanks Bernhard R. Link
-- Bill Allombert <ballombe@debian.org> Sun, 19 May 2013 21:31:39 +0200

16
popularity-contest

@ -75,9 +75,13 @@ if (open(VENDOR, "<", $dpkg_origin))
# Initialise time computations
my $now = time;
my $daylen = 24 * 60 * 60;
my $halfdaylen = 12 * 60 *60;
my $daylen = 2 * $halfdaylen;
my $monthlen = $daylen * 30;
my $lastmonth = $now - $monthlen;
sub trunc_time {
return $halfdaylen * int($_[0] / $halfdaylen);
}
my %popcon=();
@ -130,25 +134,27 @@ while (<PACKAGES>)
# It's currently being accessed by a process
$atime = time();
}
print STDERR if (!defined($atime));
if (!defined($bestatime) || $atime >= $bestatime)
{
# Truncate time to reduce informaton leak.
my $tatime = &trunc_time($atime);
my $tctime = &trunc_time($ctime);
$bestatime=$atime;
if ($atime < $lastmonth)
{
# Not accessed since more than 30 days.
$popcon{$pkg}=[$atime,$ctime,$pkg,$_,"<OLD>"];
$popcon{$pkg}=[$tatime,$tctime,$pkg,$_,"<OLD>"];
}
elsif ($ctime > $lastmonth && $atime-$ctime < $daylen)
{
# Installed/upgraded less than a month ago and not used after
# install/upgrade day.
$popcon{$pkg}=[$atime,$ctime,$pkg,$_,"<RECENT-CTIME>"];
$popcon{$pkg}=[$tatime,$tctime,$pkg,$_,"<RECENT-CTIME>"];
}
else
{
# Else we `vote' for the package.
$popcon{$pkg}=[$atime,$ctime,$pkg,$_];
$popcon{$pkg}=[$tatime,$tctime,$pkg,$_];
}
}
}

Loading…
Cancel
Save