
15 Jan 2009, 8:09 a.m.
Duncan Coutts wrote:
let random users... submit... build reports...
I wrote:
...we open ourselves up to... hostile build reports and DOS.
Manlio Perillo wrote:
DOS is always a problem, for every application open to the Internet.
Yes. But I didn't mean just generic flooding. I meant abusing the effect of build reports to create a DOS.
As for hostile build reports, I don't see it as a security concern.
Hostile build reports could effectively remove a package from hackage. Or bless a faulty package, causing problems on other people's systems.

-Yitz