security-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [security-discuss] gnuradio project DoS attacks GNU wget users


From: Richard Stallman
Subject: Re: [security-discuss] gnuradio project DoS attacks GNU wget users
Date: Thu, 02 Mar 2017 11:52:12 -0500

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > We strongly urge you to use ftp.gnu.org as the standard distribution
  > site for releases. Doing so makes it easier for developers and users
  > to find the latest GNU releases. However, it is ok to use another
  > server if you wish, provided it allows access from the general public
  > without limitation (for instance, without excluding any country).

"From the general public without limitation" means "without excluding
anyone."  It has nothing to do with what method of downloading is
supported.

  > That way, I am limited, when using wget, and wrong Tor exit
  > (hypothetically) to access the software. It is a clear limitation.

This is a misunderstanding of what our maintainer rules say.
GNU Radio is not violating them.

However, the substantive issue you've raised -- downloading releases
via Tor, and accessing web sites via Tor -- is important.  It has
nothing to do with freedom 0; it is an unrelated issue.  But it is a
significant issue for users' privacy.

A mirror can solve the problem -- but in order to make that solution
fully effective, the package should tell users where to find the
mirror.  This means the mirror would be one of the recommended ways to
download the package.

I will discuss with my advisors whether to make a GNU policy about
this.

-- 
Dr Richard Stallman
President, Free Software Foundation (gnu.org, fsf.org)
Internet Hall-of-Famer (internethalloffame.org)
Skype: No way! See stallman.org/skype.html.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]