From 4f9edbfd6eea5a928ee6dfc6f3d955467ea132d8 Mon Sep 17 00:00:00 2001
From: "Eric S. Raymond" <esr@thyrsus.com>
Date: Sun, 30 Sep 2012 01:20:37 -0400
Subject: [PATCH] On the unreliability of IRC for statistics.

---
 security.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/security.txt b/security.txt
index 9a72daf..01488a5 100644
--- a/security.txt
+++ b/security.txt
@@ -186,6 +186,15 @@ in-band authentication in that they would leave the job to specialist
 code not in any way coupled to irkerd's internals, minimizing
 global complexity and failure modes.
 
+One larger issue (not unique to irker) is that because of the
+insecured nature of IRC it is essentially impossible to secure
+#commits against commit notifications that are either garbled by
+software errors and misconfigurations or maliciously crafted to
+confuse anyone attempting to gather statistics from that.  The lesson
+here is that IRC monitoring isn't a good method for that purpose;
+going direct to the repositories via a toolkit such as Ohloh is
+a far better idea.
+
 === Future directions ===
 
 There is presently no direct support for spipe or stunnel in
-- 
2.26.2