Re: [security-discuss] gnuradio project DoS attacks GNU wget users

[Jean Louis]

On Wed, Mar 08, 2017 at 12:55:19PM +0100, Anonymous wrote:
> Alfred M. Szmidt said:
> 
> >    Your PDP-10 analogy is not a constructed limitation (as an IP
> >    treatment policy is), it's actually a "limitation" due to someone
> >    else not doing some work for you, which makes it so perversely
> >    different as to only harm your position.  This false analogy
> >    clearly puts desperation on display.
> > 
> > Cloudfare is under no obligation to provide any type of access to you
> > or anyone else.  
> 
> It doesn't matter whether there is; lack of such an obligation doesn't
> change the kind of limitation in place.

Main problem of a GNU project being hosted on Cloudflare, is not the
Cloudflare itself, rather the GNU project policies or lack of
supervision of application of those policies.

GNU project is, how I see it, pretty liberal, and leaves much freedom
to maintainers. I would not, I would keep policies in, so that project
overall benefits.

Myself, I would not let GNU software being hosted "anywhere", and that
alone would spare all the discussion of Cloudflare. The documentation
would be consistent to each of other packages. Doxygen would be
allowed, but other common formats shall be available as if 95% of GNU
software have those formats, then each package shall have it for
consistency.

Let us look the proprietary hosting software Github, and their
"policies", whatever they are doing in business, they are marketing it
well, and provide consistencies in hosting. Even they are not "one
project", they gather many people together to host in consistent
manner.

Review the reaction of gvpe maintainer here:
http://savannah.gnu.org/projects/gvpe/ and then his self-hosted
project: http://software.schmorp.de/pkg/gvpe.html

Thus it is not easy to even enforce a policy by the GNU project to GNU
software maintainers, when the underlying infrastructure, the hosting
services, are not adequate for them, or if such do not deliver what is
promised, or require considerable more efforts then expected.

On the other hand, the website http://gnuradio.org/ is not providing a
reference to documentation. It is not enough to have a beautiful site
without access to documentation. Even searching for documentation
gives no result, just try: http://gnuradio.org/?s=documentation

Thus there are services to be improved on GNU site, to attract the
developers to host on GNU, or to enforce policies to host on GNU, at
least the mirror software and website, documentation, and there are
things to be improved on GNU software maintainers. Such as "access to
documentation".

Jean Louis