[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [security-discuss] gnuradio project DoS attacks GNU wget users
From: |
Jean Louis |
Subject: |
Re: [security-discuss] gnuradio project DoS attacks GNU wget users |
Date: |
Wed, 1 Mar 2017 18:30:50 +0300 |
On Wed, Mar 01, 2017 at 09:53:54AM -0500, Alfred M. Szmidt wrote:
> Best solution for any GNU parts and software would be that there is
> clear policy on hosting.
>
> There is clear policy, and it is up to the discretion of the
> maintainer. This is spelled out in the GNU Maintainer guidelines.
I did know know it. And now I have found the link:
https://www.gnu.org/prep/maintain/maintain.html#Hosting
Quote:
------
We recommend using savannah.gnu.org for the source code repository for
your package, but that’s not required. See Old Versions, for more
information about Savannah.
We strongly urge you to use ftp.gnu.org as the standard distribution
site for releases. Doing so makes it easier for developers and users
to find the latest GNU releases. However, it is ok to use another
server if you wish, provided it allows access from the general public
without limitation (for instance, without excluding any country).
That way, I am limited, when using wget, and wrong Tor exit
(hypothetically) to access the software. It is a clear limitation.
> I would propose that if the original project is hosted somewhere else,
> but on GNU website, including Savannah and GNU FTP, then the copy of
> software shall be served from GNU website or GNU FTP or Savannah, and
> the original project may be served as they wish.
>
> Would you like to help doing that? You can try contributing pataches
> to packages which are not hosted on ftp.gnu.org so it would be easy
> for the maintainer to put it there as part of their release
> procedure.
I could certainly help on making the copy from the original website,
to the GNU website, and I could monitor the releases, just like I am
doing it now. My system is GNU, self made, and I download directly all
packages, without using any distribution.
> Downloading from Sourceforege like for example CLISP, GNU Common Lisp,
> or downloading through Cloudfare, and other providers (Github), is not
> reasonable for freedom loving users.
>
> You say that it is not reasonable, but not explaining why.
Then let me explain you why:
1. Sourceforge, uses too much advertising, access with simplest
browsers is difficult, promotes usage of proprietary iPhone based
cloud tools for voice communication (today that one, tomorrow
something else), uses Cloudfront itself, and imposes non-free
Javascript on users (/* Copyright 2017 Bizx, LLC All rights
reserved. */) -- so I don't know any good reason, why Sourceforge
should be allowed to host GNU projects. It imposes limitations, one of
most important limitations is pushing the non-free software to GNU
users. It imposes serious restrictions to use directly wget or direct
downloads, their concept is based on clicks, advertising, and users
are moved to use the HTML websites, and not simple FTP.
2. Github, imposes non-free Javascript, and has itself proprietary
software (Github). Gitlab is more ethical, they provide the software
to users. Or maybe you should read their license:
https://enterprise.github.com/license
Did you read the concept of Github? They are simply using or better
said, abusing the concept of free software for their own purposes. It
gives incentives to have proprietary software on Github.
3. CloudFlare, should be very obvious, it imposes limitations, which
is in limitation to the GNU Maintainer guidelines, see the link above.
None of above websites are friendly websites for software downloaders.
> I find it perfectly reasonable, just like when one downloaded GNU
> projects from prep.ai.mit.edu, tsx-11, or Sunsite.
Absolutely not. Your argument is obviously without any analysis. How
it can be "perfectly" reasonable. Did you see the one anonymous
complaining on not being able to download the GNU Software? I am in
the same group of people as I am downloading GNU software myself,
directly, without using distributions. Did not use GNU radio yet,
however, I get pissed off if being redirected to captcha or
Cloudflare, and especially when I need to download from Sourceforge,
Github, or need to submit the bugs there.
That is why the GNU Maintainer policies have to be improved,
limitations shall be defined, and any software hosted elsewhere, shall
be copied to GNU servers, which are friendly to all users.
Jean Louis
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Anonymous, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Jean Louis, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users,
Jean Louis <=
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Jean Louis, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, hellekin, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, ng0, 2017/03/01
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/02
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, ng0, 2017/03/02
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, ng0, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/03
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Alfred M. Szmidt, 2017/03/02
- Re: [security-discuss] gnuradio project DoS attacks GNU wget users, Richard Stallman, 2017/03/02