bug-gnu-emacs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#19565: Emacs vulnerable to endless-data attack (minor)

From: Stefan Kangas
Subject: bug#19565: Emacs vulnerable to endless-data attack (minor)
Date: Tue, 8 Oct 2019 18:50:22 +0200 
Lars Ingebrigtsen <larsi@gnus.org> writes:

> So bytes/sec, as you suggest, may be the best heuristic.  But it should
> only kick in after having received a large number of bytes, probably.

Maybe this is a stupid question, but what if I'm on a slow connection?
 Then I would never hit the max?  Emacs does have users also in areas
of the world where the connections are generally slow, but where AFAIK
in addition to that they may have to pay for data.  Also consider the
use case of a user from the developed world currently on data roaming,
with a maximum of 100 MiB of free data...

I'm not against the bytes/sec idea, and maybe I don't understand it
well enough, but I also think there is a case for being able to
specify a maximum number of bytes for a particular connection.  For
example, the "archive-contents" file is never that big unless
something is seriously wrong.  The MELPA "archive-contents" file is
probably one of the biggest examples in use today and currently weighs
in at 1,433,186 bytes.  This means that a maximum of, say, 128 MiB
should be extremely generous in this case, also allowing for it to
grow quite a lot in the next decade or so.

Best regards,
Stefan Kangas
reply via email to
[Prev in Thread] Current Thread [Next in Thread]