From: Eric S. Raymond Date: Sun, 30 Sep 2012 05:20:37 +0000 (-0400) Subject: On the unreliability of IRC for statistics. X-Git-Tag: 1.2~1 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=4f9edbfd6eea5a928ee6dfc6f3d955467ea132d8;p=irker.git On the unreliability of IRC for statistics. --- diff --git a/security.txt b/security.txt index 9a72daf..01488a5 100644 --- a/security.txt +++ b/security.txt @@ -186,6 +186,15 @@ in-band authentication in that they would leave the job to specialist code not in any way coupled to irkerd's internals, minimizing global complexity and failure modes. +One larger issue (not unique to irker) is that because of the +insecured nature of IRC it is essentially impossible to secure +#commits against commit notifications that are either garbled by +software errors and misconfigurations or maliciously crafted to +confuse anyone attempting to gather statistics from that. The lesson +here is that IRC monitoring isn't a good method for that purpose; +going direct to the repositories via a toolkit such as Ohloh is +a far better idea. + === Future directions === There is presently no direct support for spipe or stunnel in
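Review bot: In the added paragraph of security.txt, "gather statistics from that" has no clear antecedent, and "insecured nature of IRC" should read "insecure nature of IRC". Presumably "that" means the #commits channel, so consider "confuse anyone attempting to gather statistics from the channel", which also makes "for that purpose" in the next sentence unambiguous. The paragraph would be stronger if it named which property of IRC is meant by "insecure", since the conclusion (go to the repositories directly instead of monitoring IRC) rests entirely on that one word. It also covers two different cases, notifications garbled by software errors and misconfigurations versus notifications that are maliciously crafted, and splitting that sentence in two would make it easier to read.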