On Mon, Jan 07, 2019 at 04:36:38PM -0500, John Harris wrote: > My suggestion was not because of some fear that the machine ID would be > leaked, but rather my personal opinion that this UUID should not be derived > in > any way from the machine ID.
John, what's the concern there? I agree that it's a little more complicated story to tell, but I think it's pretty reasonable to trust that it can't be reversed in a useful way. Particularly, there are a lot easier ways for an adversary to track a (still anonymous!) Fedora installation than this attack vector, and the advantage (cleaned by standard image prep) is clear. > We need to first decide whether or not we want > containers and other declarative environments to be considered separate > machines. Sorry, I'm not seeing the connection. Maybe it's just too late in the day. Can you spell it out for me? -- Matthew Miller <mat...@fedoraproject.org> Fedora Project Leader _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
