From: "nick" <nick@nicholasjohnson.ch>
To: "Jason Pyeron" <jpyeron@pdinc.us>,
"'Junio C Hamano'" <gitster@pobox.com>
Cc: <git@vger.kernel.org>
Subject: Re: Git Privacy
Date: Mon, 17 Jul 2023 04:20:12 +0000 [thread overview]
Message-ID: <CU45QDSITT7K.1HLDIM21MXW7H@anonymous> (raw)
In-Reply-To: <00b901d9b83d$249a2d20$6dce8760$@pdinc.us>
Jason Pyeron wrote:
> > nick wrote:
> > Come to think of it, even if timezones were converted to UTC by default,
> > time of day would still leak information about a user's likely timezone.
>
> Discussed this with our policy wonks...
>
> Short answer - no. There is no legal assumption that can be made - your
> work hours cannot be assumed to be 9-5. They also said that time zone is
> "too broad at 1/24th of the world", but understood the concern.
An adversary may have other information which can be correlated with the
timestamps or timezone, making them less benign than in isolation.
> That being said the recommendation is to add --privacy
I'm not familiar with the processes here. Is it my responsibility to
implement it since I proposed it or who shall implement it?
> Where it assumes some defaults and those defaults can be controlled in
> your config or via --privacy=option1,option2
>
> And then some of the options can be:
>
> date-timezone=UTC
>
> date-precision=8hour
This sounds great. A few preliminary ideas on implementation:
'date-precision' must round the author AND committer timestamps
otherwise it's useless
'date-precision' must round down, never into the future
'date-timezone' must convert the date from local time and not just
replace the timezone
Any thoughts on making 'date-precision' also apply to GnuPG signature
timestamps? It's possible to specify a custom GnuPG command which does
this using gpg.program, but it's inconvenient. The relevant GnuPG option
is '--faked-system-time <epoch>!'
If that idea is no good, there should at least be a warning displayed
when the user signs anything with GnuPG with 'date-precision' enabled.
If that idea is good, then there should be a conditional check that the
rounding performed by 'date-precision' does not round down to before the
signing key was generated. Otherwise the signature will be invalid.
next prev parent reply other threads:[~2023-07-17 4:19 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-07-13 16:27 Git Privacy nick
2023-07-13 17:11 ` Junio C Hamano
2023-07-14 9:22 ` nick
2023-07-14 16:45 ` Junio C Hamano
2023-07-15 4:32 ` nick
2023-07-16 11:47 ` René Scharfe
2023-07-16 22:52 ` nick
2023-07-17 2:36 ` Junio C Hamano
2023-07-17 2:57 ` Junio C Hamano
2023-07-17 5:36 ` nick
2023-07-17 20:57 ` Theodore Ts'o
2023-07-17 22:49 ` nick
2023-07-17 16:37 ` Junio C Hamano
2023-07-16 23:07 ` nick
2023-07-16 23:27 ` Jason Pyeron
2023-07-17 4:20 ` nick [this message]
2023-07-18 21:59 ` brian m. carlson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CU45QDSITT7K.1HLDIM21MXW7H@anonymous \
--to=nick@nicholasjohnson.ch \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=jpyeron@pdinc.us \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).