>> Thoughts ? Opinions ? > I've looked at this before, and I like the idea of it.
Same here > The problem I see though, is that we will need to maintain a > registration system - as I think it would be trivial for a spammer to > pollute anything that is open. They control hundreds of thousands of > computers. They could easily inject scoring info via these zombies to > manipulate the data - no matter how averaged it might be. Yes; that's actually one of the weak points... or better said; it's ok to use that approach as long a you trust the other peers, but applying them to "whatever host out there" at the moment is crazy... although... aren't we exposed to a similar risk when we update the griplist ?!? Also, set aside for a minute the "whitelist" idea and focus on the general approach; I think it may be valid for other types of infos we may need to distribute through various running instances of ASSP; it may even be a good approach to distribute the greylist to a bunch of different ASSPs (now we use the database, tomorrow it may be a P2P approach :-D) and not just that; let's go back to the whitelist idea; there may be a hub (e.g. the ASSP site) from which the various "peers" may fetch a list of trustable hosts which they may use to *fetch* the whitelist infos (I'm thinking to the idea of a "central-directory" used e.g. by TOR) ------------------------------------------------------------------------- Check out the new SourceForge.net Marketplace. It's the best place to buy or sell services for just about anything Open Source. http://sourceforge.net/services/buy/index.php _______________________________________________ Assp-test mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/assp-test
