[Haskell-cafe] Cabal dependency hell
wren ng thornton
wren at freegeek.org
Wed Apr 14 00:28:59 EDT 2010
Duncan Coutts wrote:
> On Sun, 2010-04-11 at 18:43 +0200, Maciej Piechotka wrote:
>> - Privacy problem. I don't want the software to call home with data
>> without asking.
>
> Obviously it is important that the data be anonymous and that we do not
> send stuff without the user's knowledge. While there is not any directly
> identifying information in the existing anonymous build reports, one has
> to be very careful with how much access the server provides to the
> reports or it may become possible to infer identifying information.
One possibility for mitigating the issues here is to have cabal present
the entire message to the user for scrubbing prior to being
submitted,[1] similar to how version control systems generally provide a
summary of the patch (albeit uneditable) when asking for a patch
description.
That poses other problems (e.g., reports which are too incomplete to be
helpful or which are intentionally erroneous), and doesn't cover
everything (e.g., taking advantage of outside knowledge that Duncan is
one of the few users on Sparc/Linux), but it helps to solve the
declassification problem (i.e., what data the user is willing to reveal
to the server).
[1] Ideally in a way which allows scripting the scrubbing so folks can
just specify preferences once. If we wanted to keep things simple for
the implementors, then hooking into $EDITOR and assuming folks know how
to script their favorite editor is one approach. Otherwise we'll want a
(E)DSL that can be specified in config files.
--
Live well,
~wren
More information about the Haskell-Cafe
mailing list