maria-discuss team mailing list archive
Mailing list archive
Re: Enabling feedback pluging for MariaDB 10.1.4
On Mar 10, Justin Swanhart wrote:
> Where is it described exactly what is collected? Descriptions I see
> say it is "basically ..." well, no, I want a full description of all
> data collected, particularly if it collects versions of software as
> knowing what version of software I'm running lets you know what I'm
> vulnerable to.
It's explained here: https://mariadb.com/kb/en/feedback-plugin/
Basically :) you can do
mysql -e 'select * from information_schema.feedback' > report.txt
curl -F firstname.lastname@example.org https://mariadb.org/feedback_plugin/post
and the result will be exactly the same. And you can set --feedback-url
to any url of your choice and see exactly what is being sent.
> Is the data sent via SSL?
Yes, by default. Unless you change feedback_url to use http, not https.
> Is the data stored encrypted in your data center?
No, I don't think so.
> I certainly don't want my c library version, mariadb version, etc,
> sent in clear over the internet where anybody can read it, and I don't
> want it stored unencrypted at rest somewhere, where someone can just
> abscond with it.
C library version is not sent, MariaDB version is. But they're not tied
to you - nobody can trace these data back, we certainly cannot.