security-discuss
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [security-discuss] gnuradio project DoS attacks GNU wget users


From: Alfred M. Szmidt
Subject: Re: [security-discuss] gnuradio project DoS attacks GNU wget users
Date: Wed, 01 Mar 2017 09:53:54 -0500

   >    > Works for Me.
   >    > 
   >    >   ~ $ wget 
http://gnuradio.org/releases/gnuradio/gnuradio-3.7.10.1.tar.gz
   > 
   >    If you use wget in the manner required by CloudFlare, Inc. and GNU
   >    Radio Foundation, Inc., indeed there is no issue.
   > 
   >    But some of whome embrace freedom 0 don't want to be forced to use the
   >    tools in a restricted capacity.  A privacy-proponent might want to use
   >    wget over Tor, as follows: 
   > 
   > To use a program you have to have a copy of it, there is no obligation
   > (be it ethical, moral or otherwise) on the distributor that they have
   > to distribute a copy to you over your prefered means.

   That is lack of police at the GNU project.

That is a good thing.

   Best solution for any GNU parts and software would be that there is
   clear policy on hosting.

There is clear policy, and it is up to the discretion of the
maintainer.  This is spelled out in the GNU Maintainer guidelines.

   I would propose that if the original project is hosted somewhere else,
   but on GNU website, including Savannah and GNU FTP, then the copy of
   software shall be served from GNU website or GNU FTP or Savannah, and
   the original project may be served as they wish.

Would you like to help doing that?  You can try contributing pataches
to packages which are not hosted on ftp.gnu.org so it would be easy
for the maintainer to put it there as part of their release procedure.

   Downloading from Sourceforege like for example CLISP, GNU Common Lisp,
   or downloading through Cloudfare, and other providers (Github), is not
   reasonable for freedom loving users.

You say that it is not reasonable, but not explaining why.  I find it
perfectly reasonable, just like when one downloaded GNU projects from
prep.ai.mit.edu, tsx-11, or Sunsite.  Sourceforge, nor Github require
you to use any non-free software to download a package, ergo it is
fully reasonable.  It migt not be the best solution, but it is not
inherently a wrong solution.

   Also submitting bugs through Sourceforge that requires password, and
   Github, is also not a reasonable expectation of GNU users.

For some projects you are required to have a Savannah account to post
bugs via Savannah.  Some GNU mailing lists require you to subscribe
before you can post.  It is up to the discretion of the maintainer to
decide what is suitable.

   And I just suppose that GNU and FSF would not block Tor users, when
   software is served from their servers.

Neither the GNU project nor the FSF is blocking Tor users.

   That way, there would be no disagreements.

There is no disagreement, it is the maintainers discretion.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]