[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: address@hidden: Re: [security-discuss] gnuradio project DoS attacks
|
From: |
Leo Famulari |
|
Subject: |
Re: address@hidden: Re: [security-discuss] gnuradio project DoS attacks GNU wget users] |
|
Date: |
Fri, 3 Mar 2017 12:50:17 -0500 |
|
User-agent: |
Mutt/1.8.0 (2017-02-23) |
On Fri, Mar 03, 2017 at 11:08:43AM +0000, ng0 wrote:
> Hi,
>
> I don't like repeating myself when I have written the content before.
> So going by the message below, I'd like to change the way we provide
> download links and use the http protocol for our downloads at
> gnu.org/s/guix. Currently we only offer the ftp protocol links. The
> ports 20 and 21 are commonly blocked in the tor network by relays, that
> I was able to telnet to port 21 of alpha.gnu.org was just luck.
I'm not that familiar with Tor, so forgive me if I'm asking questions
that everyone else already knows the answer to.
Would it be enough to offer an HTTPS source for our `gnu.org/s/guix`
downloads? Would that work for Tor users? Or do we have to create an
Onion service, too?
What are the pros and cons?
If the HTTPS link can be accessed reliably over Tor, I think that would
be better for us, because it would reduce the amount of Guix sysadmin
work.
> It would not fix
> the fact that we use ftp:// internally in some downloads (which breaks
> guix package --fallback when you try to torify guix), but this could
> be fixed later.
Are you talking about using FTP to download the sources of some
packages?