From 4f9edbfd6eea5a928ee6dfc6f3d955467ea132d8 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" <esr@thyrsus.com> Date: Sun, 30 Sep 2012 01:20:37 -0400 Subject: [PATCH] On the unreliability of IRC for statistics. --- security.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/security.txt b/security.txt index 9a72daf..01488a5 100644 --- a/security.txt +++ b/security.txt @@ -186,6 +186,15 @@ in-band authentication in that they would leave the job to specialist code not in any way coupled to irkerd's internals, minimizing global complexity and failure modes. +One larger issue (not unique to irker) is that because of the +insecured nature of IRC it is essentially impossible to secure +#commits against commit notifications that are either garbled by +software errors and misconfigurations or maliciously crafted to +confuse anyone attempting to gather statistics from that. The lesson +here is that IRC monitoring isn't a good method for that purpose; +going direct to the repositories via a toolkit such as Ohloh is +a far better idea. + === Future directions === There is presently no direct support for spipe or stunnel in -- 2.26.2
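Review bot: In the added paragraph, "gather statistics from that" has no clear antecedent, and "for that purpose" in the next sentence leans on the same vague reference. Name the thing in both places, for example "gather statistics from the channel" and "isn't a good method for gathering commit statistics". On the second added line, "insecured nature of IRC" should read "insecure nature of IRC". The paragraph also asserts that #commits cannot be secured without saying which property of IRC causes this. A single clause stating it would tie the new text back to the authentication discussion in the preceding context lines, and would tell a reader building a statistics consumer what exactly they cannot trust.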