Lester Caine wrote:
> Due to the sheer volume of activity on SF, there WAS a problem for a while, 
> which SF was actively working to fix and currently there is no problem that I 
> know of with CVS or SVN hosting on SF and its distribution service *IS* the
> best available. A large number of people did jump ship, which probably helped 
> SF get things back under control, and while some of the services provided are 
> simply annoying, the distributed nature of SF means that is probably the most 
> stable provider today.
> 
At the time this decision was made, SourceForge CVS had been 
down for a SOLID WEEK, as far as I could tell!  They had been 
unreliable for at least several months before that, but you 
could just try again in a few hours and it usually would work. 
But, having them down for an entire week brought EMC development 
to a total standstill.
> If someone decided that linuxcnc.org was ripe for a sustained attack then it 
> would not be able to cope, and would become unusable. Unlikely you might say, 
> but hackers have been picking on sites simply for the fun of putting things 
> off line, so linuxcnc.org is a single point that could easily be taken down.
> 
Well, my bank could be subject to a sustained attack by 
criminals, too, but I still keep my money there.
> So while a switch may have seemed appropriate at the time, personally I think 
> it was probably premature and like Paul - I am unwilling to manually submit 
> keys to a site which requests them via email. So I will remain a lurker rather
> than becoming more actively involved.
Why do you feel these keys are such a vulnerability?  These keys 
can be generated specifically for LinuxCNC ONLY, and not used on 
any other site.  Also, they are useless for accessing anything 
on YOUR computer, they are generated for your computer to access 
outside sites only.  The only possible harm that could come from 
these keys is someone could spoof being you and do something 
malicious to the LinuxCNC repository.  Since the source IP is 
recorded with all commit activity, it would be relatively easy 
to show that the person using your key wasn't you.  This is a 
very far-fetched scenario, anyway.

Jon

_______________________________________________
Emc-users mailing list
Emc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/emc-users
