Thank you, comet--berkeley. That improves my clarity of understanding, and to aid discussion, your concern is apparently this, from install.sh:
Code:
# If we managed to talk to the ftplist server before, tell it what
# location we used... so it can perform magic next time
if [[ -s $SERVERLISTALL ]]; then
    _i=
    [[ -n $installedfrom ]] && _i="install=$installedfrom"
    [[ -n $TZ ]] && _i="$_i&TZ=$TZ"
    [[ -n $method ]] && _i="$_i&method=$method"
    [[ -n $_i ]] && ftp -Vao - \
        "http://129.128.5.191/cgi-bin/ftpinstall.cgi?$_i" >/dev/null 2>&1 &
fi
and this from install.sub:
Code:
install_files "$_url_base" "$_file_list"
# Remember where we installed from
installedfrom=$_url_type://$_server_ip/$_server_dir
# Bake a package path if we installed from a mirror
if [[ -n $_mirror ]]; then
    PACKAGE_PATH=$(print -r -- "$installedfrom" |
        sed -E "/\/(snapshots|[0-9]\.[0-9])\/($ARCH)\/*$/!d
            s!!/\1/packages/$(arch -s)/!;q")
else
    PACKAGE_PATH=
fi
This capability was added in May, 2009, for inclusion in OpenBSD 4.6. From http://www.openbsd.org/plus46.html:
Quote:
Various installation script updates and fixes, and a new ftplist backend that tries to provide a good ftp server for you to use.
I couldn't find a public discussion in mailing list archives from that time period. That doesn't mean it did not occur.
Personally, I'm not too concerned that there is a recording of my public facing IP addresses that shows that I've run an OpenBSD installation script; anyone querying my bastion firewalls will discover I'm running the OS; I don't run services in "stealth" mode -- I use PF block rules with the return option -- and don't fear the fingerprints the OS and its services provide.
I expect all of the mirror servers log accesses locally but that is data stored by each mirror and not consolidated as in this collection.
I find myself thinking that this collection of metadata might have been better publicized, and that an "opt out" capability should be implemented. This data could be interpreted as PII in many jurisdictions, and the Project therefore acting in the dual roles of Data Collector and Data Processor.
We can certainly discuss this, and if there is consensus, perhaps one (or more) of us can develop a patch that provides both notification and "opt out" capability, for consideration by deraadt@ and the other developers who implemented and support the feature.
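
As an added illustration (not part of the post above and not OpenBSD code): this sketch rebuilds the query string that the quoted install.sh snippet assembles, so the transmitted fields can be inspected offline, and wraps it in a notification and opt-out gate of the kind the post proposes. `NO_INSTALL_REPORT`, the function names and the sample values are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not OpenBSD code. Mirrors the query-string logic quoted
# from install.sh, without sending anything over the network.

# build_report_query INSTALLEDFROM TZ METHOD
# Prints the query string the way the quoted snippet assembles it:
# values are appended raw (no URL encoding), and when INSTALLEDFROM is
# empty the string starts with a leading '&'.
build_report_query() {
    _i=
    [ -n "$1" ] && _i="install=$1"
    [ -n "$2" ] && _i="$_i&TZ=$2"
    [ -n "$3" ] && _i="$_i&method=$3"
    printf '%s' "$_i"
}

# report_install INSTALLEDFROM TZ METHOD
# Hypothetical gate: NO_INSTALL_REPORT is an assumed variable name, not an
# existing installer option. Returns 0 if a report would be sent, 1 if not.
report_install() {
    _q=$(build_report_query "$1" "$2" "$3")
    [ -n "$_q" ] || return 1          # nothing to report
    if [ -n "$NO_INSTALL_REPORT" ]; then
        echo "Install report suppressed (NO_INSTALL_REPORT is set)." >&2
        return 1
    fi
    # Notification: show the user exactly what would leave the machine.
    # The server also sees the source IP address of the request.
    echo "Would send to the ftplist server: ?$_q" >&2
    # The real script runs ftp -Vao - "<url>?$_q" here; omitted on purpose.
    return 0
}

# Constructed sample values (not taken from any real installation).
SAMPLE_FROM="http://mirror.example.org/pub/OpenBSD/snapshots/amd64"
SAMPLE_TZ="Canada/Mountain"
SAMPLE_METHOD="http"

report_install "$SAMPLE_FROM" "$SAMPLE_TZ" "$SAMPLE_METHOD" || true
```
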