There's no point wasting development resources on threats that may never emerge. If attacks become a problem, it can be dealt with then -- when more information on the nature of the threat is available, so a better solution can be developed than now (when there is no information, only speculation). We're not talking about an airline control system here, where waste is more than acceptable if it trivially reduces risk. Regards, John On Jan 15, 2009, at 6:38 AM, Yitzchak Gale wrote:
Duncan Coutts wrote:
Detailed build reports with logs are not anonymous, clients will need an account on hackage (ie username and password).
Right. If we experience problems with that in the future, we just have to make sure that it won't be too hard to set up captcha.
they'll either be obviously bogus
Aren't we talking about an automated system? If we don't explicitly design for the possibility of hostile reports, any automated recognition will be trivial to circumvent.
or drowned out by the volume of legit reports.
Again, if this is automated, it is trivial generate the required volume.
-Yitz _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe