From: "nick" <nick@nicholasjohnson.ch>
To: "Jason Pyeron" <jpyeron@pdinc.us>,
"'Junio C Hamano'" <gitster@pobox.com>
Cc: <git@vger.kernel.org>
Subject: Re: Git Privacy
Date: Mon, 17 Jul 2023 04:20:12 +0000 [thread overview]
Message-ID: <CU45QDSITT7K.1HLDIM21MXW7H@anonymous> (raw)
In-Reply-To: <00b901d9b83d$249a2d20$6dce8760$@pdinc.us>
Jason Pyeron wrote:
> > nick wrote:
> > Come to think of it, even if timezones were converted to UTC by default,
> > time of day would still leak information about a user's likely timezone.
>
> Discussed this with our policy wonks...
>
> Short answer - no. There is no legal assumption that can be made - your
> work hours cannot be assumed to be 9-5. They also said that time zone is
> "too broad at 1/24th of the world", but understood the concern.
An adversary may have other information which can be correlated with the
timestamps or timezone, making them less benign than in isolation.
> That being said the recommendation is to add --privacy
I'm not familiar with the processes here. Is it my responsibility to
implement it since I proposed it or who shall implement it?
> Where it assumes some defaults and those defaults can be controlled in
> your config or via --privacy=option1,option2
>
> And then some of the options can be:
>
> date-timezone=UTC
>
> date-precision=8hour
This sounds great. A few preliminary ideas on implementation:
'date-precision' must round the author AND committer timestamps
otherwise it's useless
'date-precision' must round down, never into the future
'date-timezone' must convert the date from local time and not just
replace the timezone
Any thoughts on making 'date-precision' also apply to GnuPG signature
timestamps? It's possible to specify a custom GnuPG command which does
this using gpg.program, but it's inconvenient. The relevant GnuPG option
is '--faked-system-time <epoch>!'
If that idea is no good, there should at least be a warning displayed
when the user signs anything with GnuPG with 'date-precision' enabled.
If that idea is good, then there should be a conditional check that the
rounding performed by 'date-precision' does not round down to before the
signing key was generated. Otherwise the signature will be invalid.
next prev parent reply other threads:[~2023-07-17 4:19 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-13 16:27 Git Privacy nick
2023-07-13 17:11 ` Junio C Hamano
2023-07-14 9:22 ` nick
2023-07-14 16:45 ` Junio C Hamano
2023-07-15 4:32 ` nick
2023-07-16 11:47 ` René Scharfe
2023-07-16 22:52 ` nick
2023-07-17 2:36 ` Junio C Hamano
2023-07-17 2:57 ` Junio C Hamano
2023-07-17 5:36 ` nick
2023-07-17 20:57 ` Theodore Ts'o
2023-07-17 22:49 ` nick
2023-07-17 16:37 ` Junio C Hamano
2023-07-16 23:07 ` nick
2023-07-16 23:27 ` Jason Pyeron
2023-07-17 4:20 ` nick [this message]
2023-07-18 21:59 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CU45QDSITT7K.1HLDIM21MXW7H@anonymous \
--to=nick@nicholasjohnson.ch \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jpyeron@pdinc.us \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.