| 1 |
On Sat, Aug 04, 2007 at 01:01:11AM +0300, Philipp Riegger wrote: |
| 2 |
> On Fri, 2007-08-03 at 12:48 -0700, Drake Wyrm wrote: |
| 3 |
> > It's not a vulnerability in Rules du Jour. It's a bunch of spammers |
| 4 |
> > attacking the Rules du Jour servers and ISP. SARE has also been down a |
| 5 |
> > whole bunch over the last couple of months due to the same attack. |
| 6 |
> Which will probably never happen to gentoo, because of the rather bg |
| 7 |
> mirroring system. So, would it be possible to host daily (or hourly) |
| 8 |
> snapshots of these rule files (or something like that) and tell the |
| 9 |
> world that we do so and that they can download these in the nightly |
| 10 |
> cronjob? That migth solve a problem and i don't see it becoming a |
| 11 |
> problem for the gentoo mirror infrastructure. |
| 12 |
This doesn't solve the problem at all. |
| 13 |
|
| 14 |
We still need to get the rules from upstream, and the DDoS is against |
| 15 |
upstream. Really, just move to using sa-update instead. It has the |
| 16 |
IDENTICAL rulesets, but the update-needed checks are preformed via DNS |
| 17 |
instead of an HTTP operation. |
| 18 |
|
| 19 |
-- |
| 20 |
Robin Hugh Johnson |
| 21 |
Gentoo Linux Developer & Council Member |
| 22 |
E-Mail : robbat2@g.o |
| 23 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives