Lester Caine wrote: > Due to the sheer volume of activity on SF, there WAS a problem for a while, > which SF was actively working to fix and currently there is no problem that I > know of with CVS or SVN hosting on SF and it's distribution service *IS* the > best available. A large number of people did jump ship, which probably helped > SF get things back under control, and while some of the services provided are > simply annoying, the distributed nature of SF means that is probably the most > stable provider today. > At the time this decision was made, SourceForge CVS had been down for a SOLID WEEK, as far as I could tell! They had been unreliable for at least several months before that, but you could just try again in a few hours and it usually would work. But, having them down for an entire week brought EMC development to a total standstill. > If someone decided that linuxcnc.org was ripe for a sustained attack then it > would not be able to cope, and would become unusable. Unlikely you might say, > but hackers have been picking on sites simply for the fun of putting things > off line, so linuxcnc.org is a single point that could easily be taken down. > Well, my bank could be subject to a sustained attack by criminals, too, but I still keep my money there. > So while a switch may have seemed appropriate at the time, personally I think > it was probably premature and like Paul - I am unwilling to manually submit > keys to a site which requests them via email. So I will remain a lurker > rather > than becoming more actively involved. Why do you feel these keys are such a vulnerability? These keys can be generated specifically for LinuxCNC ONLY, and not used on any other site. Also, they are useless for accessing anything on YOUR computer, they are generated for your computer to access outside sites only. The only possible harm that could come from these keys is someone could spoof being you and do something malicious to the LinuxCNC repository. Since the source IP is recorded with all commit activity, it would be relatively easy to show that the person using your key wasn't you. This is a very far-fetched scenario, anyway.
Jon ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
