maria-discuss team mailing list archive

[Sergei Golubchik <serg@xxxxxxxxxxx>]

Hi, Justin!

On Mar 10, Justin Swanhart wrote:
> 
> Where is it described exactly what is collected?  Descriptions I see
> say it is "basically ..."  well, no, I want a full description of all
> data collected, particularly if it collects versions of software as
> knowing what version of software I'm running lets you know what I'm
> vulnerable to.

It's explained here:  https://mariadb.com/kb/en/feedback-plugin/
Basically :) you can do

  mysql -e 'select * from information_schema.feedback' > report.txt
  curl -F data=@report.txt https://mariadb.org/feedback_plugin/post

and the result will be exactly the same. And you can set --feedback-url
to any url of your choice and see exactly what is being sent.

> Is the data sent via SSL?

Yes, by default. Unless you change feedback_url to use http, not https.

> Is the data stored encrypted in your data center?

No, I don't think so.

> I certainly don't want my c library version, mariadb version, etc,
> sent in clear over the internet where anybody can read it, and I don't
> want it stored unencrypted at rest somewhere, where someone can just
> abscond with it.

C library version is not sent, MariaDB version is. But they're not tied
to you - nobody can trace these data back, we certainly cannot.

Regards,
Sergei