[Haskell-cafe] real haskell difficulties (at least for me)
Duncan Coutts
duncan.coutts at worc.ox.ac.uk
Thu Jan 15 08:05:57 EST 2009
On Thu, 2009-01-15 at 14:38 +0200, Yitzchak Gale wrote:
> Duncan Coutts wrote:
> > We want to let random users on random
> > platforms submit simple anonymous build reports (no logs)...
> > The only downside compared to a more centralised system is that we do
> > not get to centrally monitor the status of the dedicated build clients.
>
> And that we open ourselves up to some serious security concerns -
> like hostile build reports and DOS.
Detailed build reports with logs are not anonymous, clients will need an
account on hackage (ie username and password). Yes, we could get flooded
with anonymous build reports, but they're much smaller and hopefully
they'll either be obviously bogus or drowned out by the volume of legit
reports. So the information content and reliability of each data item is
lower but hopefully the volume makes up for it, so long as we do the
statistics carefully.
As Manlio says, we're always open to DOS attacks. We just have to make
sure we're not more vulnerable than average by doing too much work on
the server side compared to the work done by the client (ie the
processing of anonymous reports has to be fairly cheap).
Duncan
More information about the Haskell-Cafe
mailing list