Hi, Justin! On Mar 10, Justin Swanhart wrote:
Where is it described exactly what is collected? Descriptions I see say it is "basically ..." well, no, I want a full description of all data collected, particularly if it collects versions of software as knowing what version of software I'm running lets you know what I'm vulnerable to.
It's explained here: https://mariadb.com/kb/en/feedback-plugin/ Basically :) you can do mysql -e 'select * from information_schema.feedback' > report.txt curl -F data=@report.txt https://mariadb.org/feedback_plugin/post and the result will be exactly the same. And you can set --feedback-url to any url of your choice and see exactly what is being sent.
Is the data sent via SSL?
Yes, by default. Unless you change feedback_url to use http, not https.
Is the data stored encrypted in your data center?
No, I don't think so.
I certainly don't want my c library version, mariadb version, etc, sent in clear over the internet where anybody can read it, and I don't want it stored unencrypted at rest somewhere, where someone can just abscond with it.
C library version is not sent, MariaDB version is. But they're not tied to you - nobody can trace these data back, we certainly cannot. Regards, Sergei