ROSA Popularity Contest FAQ
Q) What information is reported by rosa-popularity-contest ?
A) rosa-popularity-contest reports the system architecture you use, the version of rosa-popularity-contest you use and the list of packages installed on your system. For each package, rosa-popularity-contest looks at the most recently used (based on atime) files, and reports the filename, its last access time (atime) and last change time (ctime). However, some files are not considered, because they have unreliable atime.
Q) What is considered a 'vote' for a package ?
A) A computer 'vote' for a package if according to the data provided in the report, a program provided or depending on the package was used less than thirty days ago. This computation is performed on the server side.
Q) What are the privacy considerations for rosa-popularity-contest ?
A) Each popularity-contest host is identified by a random 128bit uuid (MY_HOSTID in /etc/rosa-popularity-contest.conf). This uuid is used to track submissions issued by the same host. It should be kept secret. The reports are sent by over HTTP to the ROSA server. The server automatically extracts the report and stores it in a database for a maximum of 20 days or until the host sends a new report. This database is readable only by ROSA Developers. Every day, the server computes a summary and builds statistics. This statistics is based on a merge of all the submissions and does not include uuids.
Known weaknesses of the system:
- Your submission might be eavesdropped. We evaluate the possibility to use public-key cryptography to protect the submission while in transit.
- Someone who knows that you are very likely to use a particular package reported by only one person (e.g. you are the maintainer) might infer you are not at home when the package is not reported anymore. However this is only a problem if you are gone for more than two weeks if the computer is shut-down and 23 days if it is let idle.
- Unofficial and local packages are reported. This can be an issue due to 2) above, especially for custom-build kernel packages. We are evaluating how far we can alleviate this problem. Note, however, that such packages are not displayed in statistics in any way.
Q) /usr is mounted with 'noatime'.
A) rosa-popularity-contest relies on atime to know what packages were used during the last month. This means you will only report the list of packages installed without usage information.
Q) When does rosa-popularity-contest run ?
A) popularity-contest is run by the daily cron job /etc/cron.daily/popularity-contest-cron, but only one day in the week, which is specified in the configuration file. This day is chosen randomly to spread the load on the server. If /etc/cron.daily/popularity-contest-cron has not run for more than a week, it will accept to run any day.
Q) How can I convert the timestamps in the popcon report to human-readable dates?
A) The timestamps are just the number of seconds since the epoch, namely 1970-01-01 00:00:00 UTC. You can convert e.g. 1139229934 to a human-readable date with
date -d '@1139229934'