On Tue, Jan 31, 2006 at 03:28:49PM -0800, Ian Clarke wrote: > > On 31 Jan 2006, at 15:10, Matthew Toseland wrote: > > >On Tue, Jan 31, 2006 at 02:48:42PM -0800, Ian Clarke wrote: > >>I don't think so - sending people 3MB emails through a mailing list > >>is not acceptable. > >> > >>If someone wants to look at those changes - then they can do-so > >>through the subversion command line client. > > > >It is far more convenient to do so through the mailing list, that > >is why > >we HAVE the mailing list. And our security rests on people watching > >it. > > Ok, hands up who will audit 3MB commits...
How do we make automatic verification tools deal with this? Obviously people won't verify 3MB commits by hand, but not sending them to the list undermines our whole strategy doesn't it? > > >That can be most easily verified if we let everything through. > > If you think sending 3MB commits to a mailing list means committed > code is being audited, then you are living in a dreamland. > > The reality is that sending such large files to the cvs mailing list > will only encourage users to unsubscribe, which will not help our > security. > > >> > >>BTW - why are we checking Frost source code into our subversion > >>repository? > > > >I explained. Because sleon needs somewhere to put the code in case he > >gets run over by a bus while on holiday, and because sourceforge is > >playing up. > > We have to be careful getting too closely associated with any third- > party project that could be used to make a case for inducement of > copyright infringement against us. I am not saying that Frost would > necessarily do this, but we need to be cautious. Frost does not ship any boards with dodgy names last time I looked. And freenet itself provides reasonably effective filesharing tools and will continue to improve in its quality for use in sharing large files. > > Ian. -- Matthew J Toseland - toad at amphibian.dyndns.org Freenet Project Official Codemonkey - http://freenetproject.org/ ICTHUS - Nothing is impossible. Our Boss says so. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 189 bytes Desc: Digital signature URL: <https://emu.freenetproject.org/pipermail/tech/attachments/20060201/e5229490/attachment.pgp>
