
[security-discuss] GNU CDN? (was: CloudFlare, not good choice)


From: Nomen Nescio
Subject: [security-discuss] GNU CDN? (was: CloudFlare, not good choice)
Date: Sat, 11 Mar 2017 16:17:05 +0100 (CET)

Jean Louis said:

> Each package may be copied to GNU and distributed in parallel from
> GNU servers by GNU helpers and problem could be solved.

We cannot forget that many projects have documentation outside of the
distributed package; documentation that is official and served only
from the project websites.  Among that documentation, much of it is
wiki-ized.  And exclusively in the case of gnuradio, it's also in a
corporate walled-garden.

At the same time, centralizing everything on a single GNU server
creates a single point of failure security issue.  Possible fix:

Suppose there were a GNU CDN running on one of the free CDN packages
you pointed to earlier, whereby projects and trusted universities
could volunteer to run peer nodes that mirror all GNU web content.
Such a network would further eliminate any excuse a GNU project might
attempt to use as justification for CloudFlare.  It would reduce
shenanigans that subject public resources to private clubs.  

Even if it were voluntary for GNU projects to use GNU CDN, eliminating
excuses to follow the freedom-hostile approach of GNU Radio
Foundation, Inc. is important.

Note that a GNU CDN would still be centralized, and exposed to
compromises like that of CloudBleed on CloudFlare.  And worse, I
suspect user accounts (names and passwords) would be exposed to the
GNU CDN nodes (just as usernames and passwords of all CloudFlare sites
are exposed to CloudFlare).  So ideally anything that needs a login
would probably have to be excluded from the GNU CDN.  Documentation
updates would best be done by the same mechanism as software updates,
although that doesn't solve the wiki problem.

--
Please note this was sent anonymously, so the "From:" address will be unusable.
List archives:
  https://lists.gnu.org/archive/html/security-discuss
  https://lists.gnu.org/archive/html/gnu-system-discuss
will be monitored.


